Re: [Lit.] Buffer overruns
From: Mack (macckone_at_a_nospamjunk123_ol.com)
Date: 02/07/05
- Next message: Xcott Craver: "Re: [Lit.] Buffer overruns"
- Previous message: Johnny Bravo: "Re: Indonesian Oil, current planned negotiations in Helsinki, Martti Ahtisaari / Bill Clinton / GWB / THE U.S. CIA and Henry Kissinger --- the control for oil and Indonesian oil fields - Security Police (SUPO) of Finland is trying to protect these Helsin"
- In reply to: Anne & Lynn Wheeler: "Re: [Lit.] Buffer overruns"
- Next in thread: Brian Inglis: "Re: [Lit.] Buffer overruns"
Date: Mon, 07 Feb 2005 01:34:07 GMT
On Sun, 06 Feb 2005 15:44:53 -0700, Anne & Lynn Wheeler
<lynn@garlic.com> wrote:
>Mack <macckone@a_nospamjunk123_ol.com> writes:
>> In that case you should probably move the crackers to the can-do
>> list. They can and do help make things work by finding problems and
>> demonstrating them. I won't get into the whole black-hat/white-hat
>> debate. We should all know there are good guys and bad guys out
>> there looking for security holes. Certain programming shops (really
>> big ones), don't fix problems until there is an active attack
>> against that problem.
>
>so june 17th of some year ... the largest online service provider
>started having one of its internet connected services crash. for the
>next two months they had everybody they could think of come in to look
>at it ... but it continued to crash. so aug. 17, somebody came out and
>bought me a hamburger after work and while i ate it ... explained the
>symptoms. i then gave him a q&d work around patch that was applied
>later that night.
>
>i made the rounds of the usual vendors that sell stuff that involves
>tcp/ip and/or connecting to the internet ... suggesting that maybe
>they do something to address the problem; nobody was interested.
>
>almost exactly a year later a similar symptom hit a service provider
>in manhattan (it may have possibly even been aug. 17th of the
>following year) and all of a sudden it was in the press ... and now
>you saw the usual players telling the press about how fast they were
>addressing the problem.
Surprising how quick stuff does get fixed once it is a headline.
>
>now that particular service provider (that made the press) ... i
>believe may be the same one that was recently in the press with the
>domain name hijacking problem.
>
>some recent domain name hijacking refs:
>http://www.theregister.co.uk/2005/01/17/panix_domain_hijack/
>http://news.zdnet.co.uk/internet/security/0,39020375,39184371,00.htm
>http://www.securityfocus.com/news/10311
>http://www.ebcvg.com/news.php?id=4511
>http://www.net4nowt.com/isp_news/news_article.asp?News_ID=2615
>http://www.technewsworld.com/story/ebiz/panix-domain-name-hijack-39791.html
>http://www.thestandard.com/internetnews/000845.php
>
>some random past posts mentioning domain name hijacking
>http://www.garlic.com/~lynn/aadsm4.htm#3 Public Key Infrastructure: An Artifact...
>http://www.garlic.com/~lynn/aadsmore.htm#client1 Client-side revocation checking capability
>http://www.garlic.com/~lynn/aadsmore.htm#client3 Client-side revocation checking capability
>http://www.garlic.com/~lynn/aadsmore.htm#client4 Client-side revocation checking capability
>http://www.garlic.com/~lynn/aadsmore.htm#pkiart Public Key Infrastructure: An Artifact...
>http://www.garlic.com/~lynn/aadsmore.htm#pkiart2 Public Key Infrastructure: An Artifact...
>http://www.garlic.com/~lynn/aepay4.htm#dnsinteg2 Domain Name integrity problem
>http://www.garlic.com/~lynn/aadsm8.htm#softpki2 Software for PKI
>http://www.garlic.com/~lynn/aadsm8.htm#softpki16 DNSSEC (RE: Software for PKI)
>http://www.garlic.com/~lynn/aadsm9.htm#cfppki5 CFP: PKI research workshop
>http://www.garlic.com/~lynn/aadsm10.htm#cfppki20 CFP: PKI research workshop
>http://www.garlic.com/~lynn/aepay11.htm#37 Who's afraid of Mallory Wolf?
>http://www.garlic.com/~lynn/aadsm14.htm#1 Who's afraid of Mallory Wolf?
>http://www.garlic.com/~lynn/aadsm15.htm#28 SSL, client certs, and MITM (was WYTM?)
>http://www.garlic.com/~lynn/aadsm17.htm#60 Using crypto against Phishing, Spoofing and Spamming
>http://www.garlic.com/~lynn/aadsm18.htm#17 should you trust CAs? (Re: dual-use digital signature vulnerability)
>
>http://www.garlic.com/~lynn/2000e.html#40 Why trust root CAs ?
>http://www.garlic.com/~lynn/2000e.html#47 Why trust root CAs ?
>http://www.garlic.com/~lynn/2001d.html#41 solicit advice on purchase of digital certificate
>http://www.garlic.com/~lynn/2001e.html#39 Can I create my own SSL key?
>http://www.garlic.com/~lynn/2001e.html#40 Can I create my own SSL key?
>http://www.garlic.com/~lynn/2001g.html#19 Root certificates
>http://www.garlic.com/~lynn/2001l.html#26 voice encryption box (STU-III for the masses)
>http://www.garlic.com/~lynn/2001n.html#57 Certificate Authentication Issues in IE and Verisign
>http://www.garlic.com/~lynn/2001n.html#73 A PKI question and an answer
>http://www.garlic.com/~lynn/2004b.html#39 SSL certificates
>http://www.garlic.com/~lynn/2004h.html#28 Convince me that SSL certificates are not a big scam
I tend to agree with the idea of securing the DNS structure and
eliminating the SSL domain name certificate (which is fairly useless).
What good does an SSL certificate do if it points at a hijacked
domain name?
Leslie 'Mack' McBride
remove text between _ marks to respond via e-mail