Re: was Core Internet Vulnerable - News at 11:00 -= Your message to Full-Disclosure awaits moderator approval

[Byron Copeland <nodialtone () comcast net>]

heh,

I know, Sucks.  I've been moderated on occasion myself a couple of times
on this 'non-moderated list'.

Does it now mean FULL-DISCLOSURE = 'Post at your own risk?'  it's
getting like the security-basics or bug-traq list, or anything else
SECURITY-FOCUS IS_NOT_CONCENTRATING_ON' LIST.  Anything you post there
gets 5 days of scrutiny because it isn't politically correct to post
expert opinions or comments to such f'd up lists.

Try to send people to the bank to buy a clue or research the problem and
then they say isn't appropriate for this forums or the moderators answer
to is that the reply is:
tooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

break, toooooooooooooooooooooooooooo, long.   

I could add more bytes, then this would be censored as well.

Ok, Ok, solution?

-b


On Tue, 2004-04-20 at 21:45, Steve Menard wrote:
> Moderation of an un-moderated list at it's best
> on an valid subject no less ....
> I guess it's my bad as its not named early disclosure
>
> So, malware below 20k ........ Ca CHING
> Bet this fits whithin the 20K  ;-)
> and takes what xx minutes to make it to the last victim
>
> At 16:48 AST [1548EST]  
> I sent David Ahmed's copy of [NISCC Vulnerability Advisory 236929: 
> Vulnerability Issues in TCP] forwarded from the UK
>  In reply to
>
> Crist J. Clark wrote:
>
> > Does anyone know WTF they are trying to say in this AP article,
> > "Core Internet Technology Is Vulnerable,"
> >
> >  http://story.news.yahoo.com/news?tmpl=story&cid=562&ncid=738&e=1&u=/ap/20040420/ap_on_hi_te/internet_threat
> >
> > It sounds like they are talking about a sequence number guessing
> > attack on TCP BGP sessions? Sequence number prediction isn't really
> > a new attack, but the story says,
> >
> >  "Experts previously maintained such attacks could take between
> >   four years and 142 years to succeed because they require guessing
> >   a rotating number from roughly 4 billion possible combinations.
> >   Watson said he can guess the proper number with as few as four
> >   attempts, which can be accomplished within seconds."
> >
> > Hmmm... Four attempts... And the story makes it sound like a 
> > cross-platform attack, not a bug in a particular OS's ISN generation.
> > FUD or is there something here?
> >  
>
> I found this [below] in my in basket
> Luckily I sent Christ the email OFF_LINE
> smenard
>
> PS BONUS POINTS:  Dr Phil can't participate
> can any one tell me why I feel like swearing?
> full disclosure.....................Limited of course ;-)
>
> Your mail to 'Full-Disclosure' with the subject
>
>     Re: [Full-Disclosure] Core Internet Vulnerable - News at 11:00
>
> Is being held until the list moderator can review it for approval.
>
> The reason it is being held:
>
>     Message body is too big: 46716 bytes but there's a limit of 20 KB
>
> Either the message will get posted to the list, or you will receive
> notification of the moderator's decision.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Attachment: signature.asc
Description: This is a digitally signed message part