nanog mailing list archives
Re: possible rsync validation dos vuln
From: Randy Bush <randy () psg com>
Date: Fri, 29 Oct 2021 10:10:26 -0700
there's a public statement about this from NCSC-NL: https://www.ncsc.nl/actueel/nieuws/2021/oktober/29/aanstaande-bekendmaking-cvd-procedure-rpki
blah blah blah

bottom line. they gave first notice to devs 4 days before threatened disclosure. that they then asked to embargo was just adding insult to injury.

https://en.wikipedia.org/wiki/Responsible_disclosure

we will remember their names.

like the herzberg incident, "the internet has two weeks to upgrade all microtiks globally before we intentionally break it again."

would they do the same to the electric grid or other scada network? the internet's openness and kindness has led them to think we can be abused willy nilly.

we will remember their names.

randy