| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEJizbbB7M8Jg34oDHGKGHJERaAAoW=Ctn1D1P5DcvWWnX9Dhw@mail.gmail.com> Date: Thu, 6 Sep 2012 09:53:37 +0100 From: Benji <me@...ji.com> To: "Michael D. Wood" <mike@...ecuritypros.org> Cc: full-disclosure@...ts.grok.org.uk, "Zach C." <fxchip@...il.com> Subject: Re: Splunk Vulnerability well Im glad we got multiple emails saying you all agree,. On Thu, Sep 6, 2012 at 8:50 AM, Michael D. Wood <mike@...ecuritypros.org> wrote: > I agree. Splunk *IS* doing what it was designed to do. > > > > -- > > Michael D. Wood > > ITSecurityPros.org > > www.itsecuritypros.org > > > > From: JxT [mailto:jxt.lists@...il.com] > Sent: Thursday, September 06, 2012 2:19 AM > To: Zach C. > Cc: Michael D. Wood; full-disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] Splunk Vulnerability > > > > On Wed, Sep 5, 2012 at 11:30 PM, Zach C. <fxchip@...il.com> wrote: > > 1.) The tool, Splunk, is designed to index logs > 2.) Logs are arbitrary files. > Therefore, > 3.) Splunk is designed to index arbitrary files. > > > > Agreed, Splunk is doing exactly what it's designed to do. This is not a > vulnerability within Splunk itself. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists