Re: [Lit.] Buffer overruns
From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 02/06/05
- Previous message: Peter Flass: "Re: Thou shalt have no other gods before the ANSI C standard"
- In reply to: Mack: "Re: [Lit.] Buffer overruns"
- Next in thread: Mack: "Re: [Lit.] Buffer overruns"
- Reply: Mack: "Re: [Lit.] Buffer overruns"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 06 Feb 2005 15:44:53 -0700
Mack <macckone@a_nospamjunk123_ol.com> writes:
> In that case you should probably move the crackers to the can-do
> list. They can and do help make things work by finding problems and
> demonstrating them. I won't get into the whole black-hat/white-hat
> debate. We should all know there are good guys and bad guys out
> there looking for security holes. Certain programming shops (really
> big ones), don't fix problems until there is an active attack
> against that problem.
so june 17th of some year ... the largest online service provider
started having one of its internet connected services crash. for the
next two months they had everybody they could think of come in to look
at it ... but it continued to crash. so aug. 17, somebody came out and
bought me a hamburger after work and while i ate it ... explained the
symptoms. i then gave him a q&d work around patch that was applied
later that night.
i made the rounds of the usual vendors that sell stuff that involves
tcp/ip and/or connecting to the internet ... suggesting that maybe
they do something to address the problem; nobody was interested.
almost exactly a year later a similar symptom hit a service provider
in manhattan (it may have possibly even been aug. 17th of the
following year) and all of a sudden it was in the press ... and now
you saw the usual players telling the press about how fast they were
addressing the problem.
now that particular service provider (that made the press) ... i
believe may be the same one that was recently in the press with the
domain name hijacking problem.
some recent domain name hijacking refs:
http://www.theregister.co.uk/2005/01/17/panix_domain_hijack/
http://news.zdnet.co.uk/internet/security/0,39020375,39184371,00.htm
http://www.securityfocus.com/news/10311
http://www.ebcvg.com/news.php?id=4511
http://www.net4nowt.com/isp_news/news_article.asp?News_ID=2615
http://www.technewsworld.com/story/ebiz/panix-domain-name-hijack-39791.html
http://www.thestandard.com/internetnews/000845.php
some random past posts mentioning domain name hijacking
http://www.garlic.com/~lynn/aadsm4.htm#3 Public Key Infrastructure: An Artifact...
http://www.garlic.com/~lynn/aadsmore.htm#client1 Client-side revocation checking capability
http://www.garlic.com/~lynn/aadsmore.htm#client3 Client-side revocation checking capability
http://www.garlic.com/~lynn/aadsmore.htm#client4 Client-side revocation checking capability
http://www.garlic.com/~lynn/aadsmore.htm#pkiart Public Key Infrastructure: An Artifact...
http://www.garlic.com/~lynn/aadsmore.htm#pkiart2 Public Key Infrastructure: An Artifact...
http://www.garlic.com/~lynn/aepay4.htm#dnsinteg2 Domain Name integrity problem
http://www.garlic.com/~lynn/aadsm8.htm#softpki2 Software for PKI
http://www.garlic.com/~lynn/aadsm8.htm#softpki16 DNSSEC (RE: Software for PKI)
http://www.garlic.com/~lynn/aadsm9.htm#cfppki5 CFP: PKI research workshop
http://www.garlic.com/~lynn/aadsm10.htm#cfppki20 CFP: PKI research workshop
http://www.garlic.com/~lynn/aepay11.htm#37 Who's afraid of Mallory Wolf?
http://www.garlic.com/~lynn/aadsm14.htm#1 Who's afraid of Mallory Wolf?
http://www.garlic.com/~lynn/aadsm15.htm#28 SSL, client certs, and MITM (was WYTM?)
http://www.garlic.com/~lynn/aadsm17.htm#60 Using crypto against Phishing, Spoofing and Spamming
http://www.garlic.com/~lynn/aadsm18.htm#17 should you trust CAs? (Re: dual-use digital signature vulnerability)
http://www.garlic.com/~lynn/2000e.html#40 Why trust root CAs ?
http://www.garlic.com/~lynn/2000e.html#47 Why trust root CAs ?
http://www.garlic.com/~lynn/2001d.html#41 solicit advice on purchase of digital certificate
http://www.garlic.com/~lynn/2001e.html#39 Can I create my own SSL key?
http://www.garlic.com/~lynn/2001e.html#40 Can I create my own SSL key?
http://www.garlic.com/~lynn/2001g.html#19 Root certificates
http://www.garlic.com/~lynn/2001l.html#26 voice encryption box (STU-III for the masses)
http://www.garlic.com/~lynn/2001n.html#57 Certificate Authentication Issues in IE and Verisign
http://www.garlic.com/~lynn/2001n.html#73 A PKI question and an answer
http://www.garlic.com/~lynn/2004b.html#39 SSL certificates
http://www.garlic.com/~lynn/2004h.html#28 Convince me that SSL certificates are not a big scam
-- Anne & Lynn Wheeler | http://www.garlic.com/~lynn/