RE: Security Hole Found In Dave's Sock

["Grant Rietze" <security () weretiger ca>]

I concur,

It was fun until it got excessive.

> -----Original Message-----
> From: John Smith [mailto:vun.list () gmail com]
> Sent: September 8, 2005 1:28 PM
> To: full-disclosure () lists grok org uk
> Subject: Re: [Full-disclosure] Security Hole Found In Dave's Sock
>
> Can we all shut up now? I know most of you are bored, please try to find
> something else to occupy yourselves with. I did not sign up to this list
> for childish banter (even though that is what I get most of the time,
> this is far exceeding the normal limit).
>
>
>
> Raj Mathur wrote:
> > > > > > > "Ted" == Ted Frederick <tfrederick () ascentek com> writes:
> >
> >
> >     Ted> Dear list, I know that this list is not meant for personal
> >     Ted> promotion but I think I would be remiss if I did not mention
> >     Ted> that my company has recently released an upgrade to our
> >     Ted> initial offering of Shoe 1.0.  The upgrade to Shoe 2.0
> >     Ted> includes a firewall/anti-virus product previously known as
> >     Ted> Sock 3.4563.v54.
> >
> >     Ted> The upgrade cost is $19.99. There is also a required software
> >     Ted> assurance subscription of $325.79 monthly.
> >
> >     Ted> If all goes well with the new product I suspect that we will
> >     Ted> be purchased by a major software vendor before year end thus
> >     Ted> making updates available on the first Tuesday of every month
> >     Ted> to protect against further holes.  These updates will have
> >     Ted> vague names with no indication of what they actually fix
> >     Ted> which should relieve you of sparing any thought to what risks
> >     Ted> you may have been exposed to prior to the patch.
> >
> >     Ted> Yes, we have in fact thought of everything so you don't have
> >     Ted> to.
> >
> > I'm afraid you have fallen into the common trap of suggesting a
> > hardwear solution for what is essentially a softwear problem.  I'd
> > have been much happier to see the softwear vendors acknowledge this
> > vulnerability (it's endemic, not specific to one vendor) and offer
> > upgrades to their softwear on a regular basis.
> >
> > I'm making a compilation of socks v5.0 softwear available in the
> > market and subjecting them to stress testing; the testing includes
> > running 2KM after subjecting the softwear to dipping in Sewer 0.2,
> > having /bin/cat /bin/sleep on them for 2 days, and a cron job to
> > periodically transfer them to and from a Windows system.  The results
> > of this testing will be available for a nominal fee(*).
> >
> > I also suspect that by the end of the testing the softwear will have
> > metamorphosed into those elusive WMDs that have been, uh, eluding us
> > for so long.
> >
> > (*) Standard nominal fee is half your kingdom and your daughter's hand
> > in marriage).
> >
> > Regards,
> >
> > -- Raju
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/