
| Subject: | Re: [Full-disclosure] [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability |
|---|---|
| Date: | Thu, 10 May 2007 10:19:53 -0600 |
* Jeroen Massar <jeroen@unfix.org> [2007-05-10 01:54:20 +0100]:
> Jeroen Massar wrote:
> > security@mandriva.com wrote:
> > _______________________________________________________________________
> > Mandriva Linux Security Advisory MDKSA-2007:101
> > http://www.mandriva.com/security/
> > _______________________________________________________________________
> > Package : vim
> > Date : May 9, 2007
> > Affected: 2007.0, 2007.1
>
> But the subject line reads:
> [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability
>
> So is this a spoof or is this a spoof? Or did somebody make a booboo at Mandriva? The PGP key seems to at least check out for the fact that the signature on the part of the message that is signed is correct. As the PGP key is not in the strong set it can't be really trusted of course.

This was a booboo. The advisory contents are correct, just the subject line was incorrect.

> Also setting a Reply-To: to a broken xsecurity@mandriva.com absolutely doesn't make any sense (unless you want to partially overcome the problem of vacation messages getting bounced back, but hey those people will nicely ignore your Reply-To anyway....)

Over 60% of the out-of-office or undeliverable messages have been eliminated by doing this. It's not 100% effective, but I'll take a 60% reduction any day.

-- Vincent Danen @ http://linsec.ca/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/