Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DJB's students release 44 *nix software vulnerability advisories

from [Artem Chuprina] Network Security [Permanent Link]
Subject: Re: DJB's students release 44 *nix software vulnerability advisories
Date: Tue, 21 Dec 2004 19:53:35 +0300 
D. J. Bernstein -> bugtraq@securityfocus.com  @ 18 Dec 2004 04:25:11 -0000:


In each case, Professor Bernstein notified the author of the
vulnerable package on Dec 15 via e-mail. This mail hit Bugtraq on the
16th, giving one day for vendors to provide fixes.


 DJB> Actually, I sent all of these notifications to the public
 DJB> securesoftware mailing list (http://securesoftware.list.cr.yp.to)
 DJB> at the same time that I sent them to the authors. It certainly
 DJB> wasn't my intention to give the authors an extra day of
 DJB> self-delusion.

Was it your intention not to give _users_ of their programs an extra
time of not being _widely_ attacked?  While you certainly cannot offer
them alternative software for their tasks - of your own programs only
ezmlm with third-party patches is more than proof of concept.  We need
software that does the work, not only one that demonstrates that the
work can be done in principle.

-- 
Artem Chuprina
RFC2822: <ran{}ran.pp.ru> Jabber: ran@jabber.ran.pp.ru
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SUSE Security Announcement: various kernel problems (SUSE-SA:2004:044), Marcus Meissner
Next by Date:  Re: DJB's students release 44 *nix software vulnerability advisories, Dave Holland
Previous by Thread:  Re: DJB's students release 44 *nix software vulnerability advisories, D. J. Bernstein
Next by Thread:  Re: DJB's students release 44 *nix software vulnerability advisories, Stephen Samuel
Indexes:  [Date] [Thread] [Top] [All Lists]