| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: adam at huntrecruiting.com (Adam) Subject: SSH Exploit Request This is not a flame!! I'm just wondering if announcing to a list full of people both good, and bad who are able to exploit an old bug that "I have an un-patched system" is good security practice? I got rooted after simply replying to an ass-hole asking "if any one thought they where being spied on by the US Gov" off the list it was an old MDK8.1 box I was trying to keep around just a minuet or two longer and didn't have time to patch properly. (My Bad) My 2 cents Adam On Thursday 13 November 2003 01:03 pm, Jeremiah Cornelius wrote: > On Thu November 13 2003 08:07, Valdis.Kletnieks@...edu wrote: > > On Thu, 13 Nov 2003 02:18:57 PST, Jeremiah Cornelius said: > > > > > We need to test it before we are permitted to upgrade. Please help. > > > > > > > > Help yourself and redesign your patch management. > > > > > > Yeah. Everyone can do that, smartass. > > > > No, he's right. The OP's environment apparently requires that there be > > testing before they're allowed to upgrade. > > > > That's *broken*. Plain and simple. > > But... He may work for an organization that > > a) makes him responsible for function, and isolated from policy influence > (possibly broken). > > b) in which his manager is politically isolated (broken). > > c) is subject to a DITSCAP-style regime of testing and documentation > processes - not broken! > > In any case - it is unhelpful an peevishly arrogant to spit out "change > your process." O.K. That may be happening over time. What can I do > /now/? > > Not pointing out the obvious - gobbles exploit code - leads to this kind of > meta-thread, which has been the cause of so much grievance to some. > > A simple reply about the exploit and currency would have been entirely on > topic for the list! > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html -- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: OpenKeyServer v1.2 Comment: Extracted from belgium.keyserver.net mQGiBDvODnIRBAD6ex+LS95ar546tDkRgaAv9T9RMle24L9xAmwkychQ6yL8LdNP kSZc6ErAUlMR1ygEGYAppWyBWrA6GFFijbfvX9pH7r2r5JdDv4X30ZlUAmbdeJub GfvGk63/JpEheLictj6A7xPb2+9mIpJ1g/AP5Eyxa+1V7pOqZzaFST2otwCg/8ql aJrMR6GQ+iDhwdo8wvI/D/sD/2rJkqAKr1Y6PoL70y0qqv/KbAxvViAl/HNfYk1g gL1YyqF1xNO5AgxzMS/KGHdYw+rWlbfjRuCJO813OT1/yefZbahModayyinlh8IN x9U8rs0sIOmpWMaMT3WvC75lcndV9Tfs/r8/SpYuU0wH2Xym5vJG1TLWRegdy3E6 PYpCA/9NT/1zbQS8haRkFUCZt6c7D0PRw4gT2bKhC7563x2xcRGPWKBXz0X1s6bb D5g9uitibnFo0F/MGK/v1NU5Z7vCgEXJsv+B5VRsnPloT1WEoYZ/IYUb0NlUszKf cI7rvaBjZ00SqivtDECefpNAjSfl5EJ+0ZCZgo2xjCfiQ0T1a7QmQWRhbSBQLiBI dW50IDxhZGFtQGh1bnRyZWNydWl0aW5nLmNvbT6ISQQQEQIACQUCPJeCgQIZAQAK CRDfxArjO/C7CAmjAJ4q9EpvuNpvi5BlBR7MfOfTo8VRaACg5Rka3nw40myMDBZZ QYUxQ36CVGu5Ag0EO84OchAIAPZCV7cIfwgXcqK61qlC8wXo+VMROU+28W65Szgg 2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZSTz09jdvO meFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI61Brwv0YA WCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/ClWxiNjrtV jLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgHKXrKlQzZ lp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVekyCzsAAgIH/RAtkqoEqDD7 n1ykPPGNtSJ1sNZG6ENonnNGEOMXyb5X3oINxMNTO4UZtuYNkfRMwCvNb+on4Swa 7L+GVwuzJgH87QbFk1htxxzj7FS+4aXHf24QQSLSzGbYEZqFxyg6gXB34q9yGFNa ELMO6LyiL2sFykXw0P9+VNCOEqgMJQ+wTLttkFclSf8ycm7PYqsHAtgKk3fEUdoJ ILkrxe5+G+2hHv8ACav8nBcKnt/V9CK69TTWbfsNlRQRP5SggiPUsmraQHDvak51 QOqsupOXOeE7GBGUUYBgOkq/6hbRF4BHHugngoeZgfCcWtELvL/suQY+LZshIxZo BhxYvDx9XxC5Ag0EPJbF0BAIAPZCV7cIfwgXcqK61qlC8wXo+VMROU+28W65Szgg 2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZSTz09jdvO meFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI61Brwv0YA WCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/ClWxiNjrtV jLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgHKXrKlQzZ lp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVekyCzsAAgIH/0/nO38lPuZy pxRmBe7MBrrCLLuAhGNLq1oCTuA6JNCba7933x6vicdFrEJaIpDPWe7EVHyBJ+a6 ndLcOC8TLruuKXJY9R9oQEmKRSpjd2qDrOraglCvPeI3erQY99uxhNf/vMnBVVfF wf1JbOUEDc4oXyjXk57rHkKrWkveNpBYFwdnIbott9svjwn0EAHI8jxXErQjboKq 8gYQfUdldVndkYz7AQlzrAV0sJSZIjLtzvfX7j26OLBYC0t9P8yG4cKDCGOWAhqs 1lhiZ6bm6Yq9RGKc4Cfk57BwYtGVNE6qsFc8kK/rx0zW+sYvCfHUqoahsyTf4wHC oOHeBlITx4qITAQYEQIADAUCO84OcgUbDAAAAAAKCRDfxArjO/C7CMbEAKD6A0Sm p5OL5HxXOUkvSiGpSgRfMQCcDwaavQvsZcL4pO5xc90gm0ZdOUw= =jeF/ -----END PGP PUBLIC KEY BLOCK-----
Powered by blists - more mailing lists