RE: Anonymized posting

["Thor Larholm" <thor () pivx com>]

So let met get this straight, they have put up a temporary site with no
real details about the compromise (just a link to the exploit) and a
patch for download by administrators - who would want to vouch for the
integrity of that patch when the server is running OpenSSL 0.9.6b? ;)


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor () pivx com
Stock symbol: (PIVX)
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines a new genre in Desktop Security: Proactive Threat
Mitigation. 
<http://www.pivx.com/qwikfix>

-----Original Message-----
From: Dave Aitel [mailto:dave () immunitysec com] 
Sent: Friday, May 28, 2004 11:14 AM
To: dailydave () lists immunitysec com
Subject: [Dailydave] Anonymized posting


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://uptime.netcraft.com/up/graph?site=cvshome.org&probe=1

"Apache/1.3.22 (Unix) (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
PHP/4.0.6 mod_perl/1.26 mod_throttle/3.1.2"

One can only hope that this was put online as a honeypot, after the
recent publication of a sustained two-year compromise of cvshome.org.

What backdoored opensource project owned you today?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAt4GAzOrqAtg8JS8RAsUpAJ0QV9UK0XbdwJtKIelvHyMPr1piGwCgq7HK
alIkt7cMILweZ/6OVJBbiPs=
=8xe4
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave