| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: blancher at cartel-securite.fr (Cedric Blancher) Subject: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Le lun 01/12/2003 ? 23:58, Florian Weimer a ?crit : > Does this mean that the vendor-sec concept has failed, or that there is > a leak on that list? Or is this just an issue which is very specific to > Linux and its maintainer situation? This just means that vendors are using network and systems just like any other company and they're so exposed to the same risks. And sometimes, they get compromised. I don't think this kind of issue is vendor specific or Linux specific. MS and more recently Valve we're stolen code after a compromission as an example, or OpenSSH trojaned code last year. That points the necessity of checking packages signatures when installing/updating packages, as shit sometimes happens. I really like Debian complete transparency to people, using their distro or not, following this intrusion and communication around analysis that leads to this alert. -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread!
Powered by blists - more mailing lists