| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: randomusername at hushmail.com (Generated by a PseudoRandom Number Generator) Subject: No Subject (re: openssh exploit code?) On <somedate> Montana said... >I agree with Mitch. Lets say you get an advisory that >a severe thunderstorm may be coming your way. Do you >wait until the wind and rain are blowing inside your >house to close the windows and doors. <snip> This is one of the silliest analogies I have ever heard. If you are seriously suggesting that Mitch (or anyone on full-disclosure, bugtraq, etc) is the equivalent of the <Insert local/national weather service>, you are crazy. If you insist on having an analogous situation, pretend you live in a town with 10,000 old guys all sitting on porch rocking chairs, and every day, a couple of them yell that the storm of the century is coming. Some times, they overhear one-and-other, and the cries of "Storm, Storm" get louder. How can you tell who to believe, maybe one old guy has a doppler radar in his outhouse, all of a sudden, he should be believed, but if he doesn't tell you why he thinks a storm is a brewin', you're going to spend every day cowering in your house, afraid. Really I think that's the point, and the value of full-disclosure to the community, you don't have to trust some old guy with a trick knee, you can judge for yourself whether something is possible. (Note: when I say "full-disclosure, I am not advocating publishing all exploit details, but the information that was presented by lcamtuf certainly went a whole lot further to disclosing one possible exploitation path, and allowed people to better assess the risk and then allow them to judge the importance of this patch, over, say, the Microsoft Exchange patch. ) And btw, this is one of silliest, most annoying, on-charter discussions I have ever seen on this list. (actually, it's one of the few on-charter discussions that I have ever seen on the list), I can't believe I contributed to it. Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
Powered by blists - more mailing lists