lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <Pine.GSO.4.43.0311131410130.9227-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: SSH Exploit Request

	[SNIP]

> >
> But...  He may work for an organization that
>
> a) makes him responsible for function, and isolated from policy influence
> (possibly broken).
>
> b) in which his manager is politically isolated (broken).
>
> c) is subject to a DITSCAP-style regime of testing and documentation processes
> - - not broken!
>
> In any case - it is unhelpful and peevishly arrogant to spit out "change your
> process."  O.K.  That may be happening over time.  What can I do /now/?
>
> Not pointing out the obvious - gobbles exploit code - leads to this kind of
> meta-thread, which has been the cause of so much grievance to some.
>
> A simple reply about the exploit and currency would have been entirely on
> topic for the list!

And of course the gobbles code is old and most likely does not fit the
bill for the current need to patch, as was the starting point for the
fairly recent secure programming threads.  There might not be current
sploit code to cover the potential risk his version of openssh/openssl is
requiring a patch/fix.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

