lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4085D233.3000209@nbnet.nb.ca>
From: smenard at nbnet.nb.ca (Steve Menard)
Subject: was Core Internet Vulnerable - News at 11:00 -=
 Your message to Full-Disclosure awaits moderator approval

Moderation of an un-moderated list at it's best
on an valid subject no less ....
I guess it's my bad as its not named early disclosure

So, malware below 20k ........ Ca CHING
Bet this fits whithin the 20K  ;-)
and takes what xx minutes to make it to the last victim

At 16:48 AST [1548EST]  
I sent David Ahmed's copy of [NISCC Vulnerability Advisory 236929: 
Vulnerability Issues in TCP] forwarded from the UK
 In reply to

Crist J. Clark wrote:

>Does anyone know WTF they are trying to say in this AP article,
>"Core Internet Technology Is Vulnerable,"
>
>  http://story.news.yahoo.com/news?tmpl=story&cid=562&ncid=738&e=1&u=/ap/20040420/ap_on_hi_te/internet_threat
>
>It sounds like they are talking about a sequence number guessing
>attack on TCP BGP sessions? Sequence number prediction isn't really
>a new attack, but the story says,
>
>  "Experts previously maintained such attacks could take between
>   four years and 142 years to succeed because they require guessing
>   a rotating number from roughly 4 billion possible combinations.
>   Watson said he can guess the proper number with as few as four
>   attempts, which can be accomplished within seconds."
>
>Hmmm... Four attempts... And the story makes it sound like a 
>cross-platform attack, not a bug in a particular OS's ISN generation.
>FUD or is there something here?
>  
>

I found this [below] in my in basket
Luckily I sent Christ the email OFF_LINE
smenard

PS BONUS POINTS:  Dr Phil can't participate
can any one tell me why I feel like swearing?
full disclosure.....................Limited of course ;-)

Your mail to 'Full-Disclosure' with the subject

    Re: [Full-Disclosure] Core Internet Vulnerable - News at 11:00

Is being held until the list moderator can review it for approval.

The reason it is being held:

    Message body is too big: 46716 bytes but there's a limit of 20 KB

Either the message will get posted to the list, or you will receive
notification of the moderator's decision.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ