Date: Thu, 08 Feb 2001 17:06:26 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Terry Lambert <tlambert@primenet.com> Cc: freebsd-chat@FreeBSD.org Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE Message-ID: <20010208170626.A50989@mollari.cthul.hu> In-Reply-To: <200102090101.SAA29682@usr08.primenet.com>; from tlambert@primenet.com on Fri, Feb 09, 2001 at 01:00:59AM %2B0000 References: <200102082016.PAA29933@vws3.interlog.com> <200102090101.SAA29682@usr08.primenet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--2oS5YaxWCcQjTEyO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Feb 09, 2001 at 01:00:59AM +0000, Terry Lambert wrote: > > Topic: FreeBSD on record to set most advisory releases for > > year 2001 >=20 > Heh. But obviously someone is out to challenge them for the record, > issuing these ones, since they weren't issued by FreeBSD. >=20 > [ ... ] >=20 > > We will not be mentioning the ultra secure OpenBSD operating system > > since we feel it is not our problem and does not help to promote a > > better OS than our own. >=20 > The interesting problem here is that OpenBSD is vulnerable to > hardware limitation based attacks at boot time. They themselves > draw the line at auditing the hardware and firmware of every > motherboard out there. Some viable attacks on OpenBSD can still > be instituted via a network connection. You have to draw the > line somewhere, and that's one of the places they draw theirs. Actually, what I find really funny is that this guy doesn't realise that OpenBSD have many of the same ports in their ports collection, which are vulnerable to the same problems. They just don't have the resources (or desire, or whatever - I'm not knocking OpenBSD for this) to write advisories for them. Kris --2oS5YaxWCcQjTEyO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6g0KSWry0BWjoQKURAnkWAKD8ciIWBr7HPuNwINx9CQ+OSiSATgCgllmp ts0ifbylmbFrIUYhkhqlScQ= =WsgP -----END PGP SIGNATURE----- --2oS5YaxWCcQjTEyO-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010208170626.A50989>