lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: nodialtone at (Byron Copeland)
Subject: was Core Internet Vulnerable - News at 11:00
	-= Your message to Full-Disclosure awaits moderator approval


I know, Sucks.  I've been moderated on occasion myself a couple of times
on this 'non-moderated list'.

Does it now mean FULL-DISCLOSURE = 'Post at your own risk?'  it's
getting like the security-basics or bug-traq list, or anything else
gets 5 days of scrutiny because it isn't politically correct to post
expert opinions or comments to such f'd up lists.

Try to send people to the bank to buy a clue or research the problem and
then they say isn't appropriate for this forums or the moderators answer
to is that the reply is:

break, toooooooooooooooooooooooooooo, long.   

I could add more bytes, then this would be censored as well.

Ok, Ok, solution?


On Tue, 2004-04-20 at 21:45, Steve Menard wrote:
> Moderation of an un-moderated list at it's best
> on an valid subject no less ....
> I guess it's my bad as its not named early disclosure
> So, malware below 20k ........ Ca CHING
> Bet this fits whithin the 20K  ;-)
> and takes what xx minutes to make it to the last victim
> At 16:48 AST [1548EST]  
> I sent David Ahmed's copy of [NISCC Vulnerability Advisory 236929: 
> Vulnerability Issues in TCP] forwarded from the UK
>  In reply to
> Crist J. Clark wrote:
> >Does anyone know WTF they are trying to say in this AP article,
> >"Core Internet Technology Is Vulnerable,"
> >
> >
> >
> >It sounds like they are talking about a sequence number guessing
> >attack on TCP BGP sessions? Sequence number prediction isn't really
> >a new attack, but the story says,
> >
> >  "Experts previously maintained such attacks could take between
> >   four years and 142 years to succeed because they require guessing
> >   a rotating number from roughly 4 billion possible combinations.
> >   Watson said he can guess the proper number with as few as four
> >   attempts, which can be accomplished within seconds."
> >
> >Hmmm... Four attempts... And the story makes it sound like a 
> >cross-platform attack, not a bug in a particular OS's ISN generation.
> >FUD or is there something here?
> >  
> >
> I found this [below] in my in basket
> Luckily I sent Christ the email OFF_LINE
> smenard
> PS BONUS POINTS:  Dr Phil can't participate
> can any one tell me why I feel like swearing?
> full disclosure.....................Limited of course ;-)
> Your mail to 'Full-Disclosure' with the subject
>     Re: [Full-Disclosure] Core Internet Vulnerable - News at 11:00
> Is being held until the list moderator can review it for approval.
> The reason it is being held:
>     Message body is too big: 46716 bytes but there's a limit of 20 KB
> Either the message will get posted to the list, or you will receive
> notification of the moderator's decision.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

Powered by blists - more mailing lists