lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu Sep  8 18:27:44 2005
From: vun.list at gmail.com (John Smith)
Subject: Security Hole Found In Dave's Sock

Can we all shut up now? I know most of you are bored, please try to find 
something else to occupy yourselves with. I did not sign up to this list 
for childish banter (even though that is what I get most of the time, 
this is far exceeding the normal limit).



Raj Mathur wrote:
>>>>>>"Ted" == Ted Frederick <tfrederick@...entek.com> writes:
> 
> 
>     Ted> Dear list, I know that this list is not meant for personal
>     Ted> promotion but I think I would be remiss if I did not mention
>     Ted> that my company has recently released an upgrade to our
>     Ted> initial offering of Shoe 1.0.  The upgrade to Shoe 2.0
>     Ted> includes a firewall/anti-virus product previously known as
>     Ted> Sock 3.4563.v54.
> 
>     Ted> The upgrade cost is $19.99. There is also a required software
>     Ted> assurance subscription of $325.79 monthly.
> 
>     Ted> If all goes well with the new product I suspect that we will
>     Ted> be purchased by a major software vendor before year end thus
>     Ted> making updates available on the first Tuesday of every month
>     Ted> to protect against further holes.  These updates will have
>     Ted> vague names with no indication of what they actually fix
>     Ted> which should relieve you of sparing any thought to what risks
>     Ted> you may have been exposed to prior to the patch.
> 
>     Ted> Yes, we have in fact thought of everything so you don't have
>     Ted> to.
> 
> I'm afraid you have fallen into the common trap of suggesting a
> hardwear solution for what is essentially a softwear problem.  I'd
> have been much happier to see the softwear vendors acknowledge this
> vulnerability (it's endemic, not specific to one vendor) and offer
> upgrades to their softwear on a regular basis.
> 
> I'm making a compilation of socks v5.0 softwear available in the
> market and subjecting them to stress testing; the testing includes
> running 2KM after subjecting the softwear to dipping in Sewer 0.2,
> having /bin/cat /bin/sleep on them for 2 days, and a cron job to
> periodically transfer them to and from a Windows system.  The results
> of this testing will be available for a nominal fee(*).
> 
> I also suspect that by the end of the testing the softwear will have
> metamorphosed into those elusive WMDs that have been, uh, eluding us
> for so long.
> 
> (*) Standard nominal fee is half your kingdom and your daughter's hand
> in marriage).
> 
> Regards,
> 
> -- Raju

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ