| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Jan 2012 16:38:05 -0500 From: Benjamin Kreuter <ben.kreuter@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Rate Stratfor's Incident Response -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Fri, 13 Jan 2012 15:17:07 -0600 Paul Schmehl <pschmehl_lists@...rr.com> wrote: > --On January 13, 2012 2:03:36 PM -0600 Laurelai > <laurelai@...echan.org> wrote: > > >> > > Well just remember they could have *not* told you and helped > > themselves to a backdoor. If they wanted to door you they probably > > wouldn't have told you. > > > > Which is precisely what he'd like you to think. So the attacker, hoping to keep his backdoor, will tell you about the vulnerability he exploited that you were presumably not aware of, and then hope that the system is not audited? Of course you are going to audit the system that was attacked. Not because you fear the person who reported the problem, but because there is an exploitable vulnerability that anyone could have exploited. - -- Ben > -- > Paul Schmehl, Senior Infosec Analyst > As if it wasn't already obvious, my opinions > are my own and not those of my employer. > ******************************************* > "It is as useless to argue with those who have > renounced the use of reason as to administer > medication to the dead." Thomas Jefferson > "There are some ideas so wrong that only a very > intelligent person could believe in them." George Orwell > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > - -- Benjamin R Kreuter UVA Computer Science brk7bx@...ginia.edu - -- "If large numbers of people are interested in freedom of speech, there will be freedom of speech, even if the law forbids it; if public opinion is sluggish, inconvenient minorities will be persecuted, even if laws exist to protect them." - George Orwell -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iQIcBAEBCgAGBQJPEKRCAAoJEOV0+MnZK9ijv7MP/3XMMK3h60kAWWaKV+wpC57T eHcO0NAF/+6MWgZGhggCGDP/hCH0xa/mIH/I173ATfxgJJAQVcN/6aPWRQWs3CcJ S4affujeJ+/hgK0FtSMIwEx/jZciuw85hZc4i11IKzEs5Tjhe/CO6jZdlmULI/Ia E+MUk6L2Mb+XlV0dlc7y15lOY+qGVYV6FeAIfyncgmXJScx+ZUi4kBmdJ8ep0HSz Zhl1D19jk6IH7taXYjk78jlRZ1p8gkgsT8R4dL5F/ZkwBMJ2u4ejpXWIKQo+fMXn adpfivtAsHQeMXJffklaV27gWvvfP0fR85HeXSl+pe5JejLLldl7nvezH0GNNAmC 9kKDS/8WP6sG+p2gWo9XfiJvLH9hXcCOgDeUwQ6WFAov65BVXEXuhEKNyRuvf4OX zIGcg5T1YelC9ytE5EzcHRe+pvyzXa2TU6u1dtBFMRXPFCEmMP9SVzU/8HuEJD0P ByIjk+7INYRmyF2qyp3JEM8DRtQJW8I/x8Ll1m822Pdd91n9ILm9wURYT2TUGLJQ 8GvLb3R7uazsKgQxpdF2Pi5wr6QHtMb/L81Fpyqey9WSfyeDJpQtXR4Xl/N6sVwY Kwu22OxHU2hofAwxzjng+/Tz2UI8bBTwcvj+z6hAac/Gw53mgsQ2Byz6rKLg3EK2 3DCnHBRToUChjPVOowbL =fZSB -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists