Date:      Mon, 03 May 1999 20:42:48 -0700
From:      "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
To:        Mike Smith <mike@smith.net.au>
Cc:        Seth <seth@freebie.dp.ny.frb.org>, freebsd-stable@FreeBSD.ORG, security@FreeBSD.ORG, jamie@exodus.net
Subject:   Re: FreeBSD 3.1 remote reboot exploit (fwd) 
Message-ID:  <30986.925789368@zippy.cdrom.com>
In-Reply-To: Your message of "Mon, 03 May 1999 18:40:30 PDT." <199905040140.SAA01305@dingo.cdrom.com> 

> I have to say that Jamie really let us down by not running a raw 
> tcpdump alongside the second targeted machine here.  Any chance of 
> provoking these people into "demonstrating" the exploit on a machine, 
> while another connected to the same wire is running

I'd say he or whoever first reported this to bugtraq let us down even
more by releasing an "advisory" in such an unknown and unverifiable
state.  By doing so, all they've done is hand ammunition to the FUD
corps and given us no reasonable chance to respond since the advisory
is so content-free as to be completely worthless.  Saying that "you
saw something crash the box" is like telling the highway patrol that
you "saw a stranded motorist somewhere between San Francisco and New
York (and oh yeah, it was on a road!)" - what the hell are they
supposed to do with a report like that?  Auditing the entire operating
system in search of such a reboot bug would be about as effective (and
practical) as trying to search the entire U.S. highway system from
coast to coast.

If we want to actually achieve something with these little security
alerts (other than to get people to stop reading them because they cry
"Wolf!" all the time), we need to do a lot better than this.  This
didn't even meet the most minimal standards for competence I'd expect
from someone in this industry.

- Jordan

