Bugtraq mailing list archives
CERT Bashing, etc
From: aleph1 () dfw net (Aleph One)
Date: Thu, 19 Dec 1996 18:40:00 -0600
I am cutting this thread here. BugTraq is not a forum to bash CERT or discuss their policies. But before I let it go a final thought to think over. People don't have to post to this list. If they do so it's for the good of the community. Even groups like SOD that publish exploits every week. They could just as well post their exploits to some underground hacker board and let all those HPUX boxes on the net get broken into. Instead they post them here. Where everyone, including HP, can see them. Don't kill the messenger as they day. It seem people have forgotten what quality software is. We no longer find the software vendors at fault for providing broken software. Instead we blame it on those that bring the holes to light. How many more holes should SOD, or Yuri, or anyone with some free time, post to this list before you go screaming at your vendor you want your money back? It's not rocket science. Almost every single vulnerability found fits nicely in one of few categories. Its not that difficult to check for them before sending a product to the cd burner. Aleph One / aleph1 () dfw net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Current thread:
- Re: Possible Denial of Service: SSH, (continued)
- Re: Possible Denial of Service: SSH Jim Dennis (Dec 18)
- Re: Possible Denial of Service: SSH Sven Gestegard (Dec 18)
- Exploit for ppp bug (FreeBSD 2.1.0). Leshka Zakharoff (Dec 18)
- CIAC Bulletin H-17: cron/crontab Buffer Overrun Vulnerabilities David Crawford (Dec 19)
- NT vulnerable to attack on CPU Aleph One (Dec 19)
- CERT/AUCERT Mycroft (Dec 19)
- Re: CERT/AUCERT itudps (Dec 19)
- Re: CERT/AUCERT Aleph One (Dec 19)
- Re: CERT/AUCERT Theo de Raadt (Dec 19)
- Slow vendor response Alan Cox (Dec 20)
- CERT Bashing, etc Aleph One (Dec 19)
- Re: CERT/AUCERT Yuri Volobuev (Dec 19)
- Re: CERT/AUCERT Tung-Hui Hu (Dec 19)
- TCP bug on old Solaris box ? Gilles Soulet (Dec 20)
- Re: TCP bug on old Solaris box ? Nathan Lawson (Dec 21)
- Buffer overflow in Linux's login program Joe Zbiciak (Dec 22)
- Solaris 2.5 x86 aspppd (semi-exploitable-hole) Thamer Al-Herbish (Dec 20)
- CERT, CIAC, etc. and unethical practices Thamer Al-Herbish (Dec 20)
- ANNOUNCE: Crack v5.0a available... Alec Muffett (Dec 20)
- Security Survey Aleph One (Dec 20)