Full Disclosure mailing list archives
Re: Apache Killer
From: Valdis.Kletnieks () vt edu
Date: Fri, 26 Aug 2011 11:44:17 -0400
On Fri, 26 Aug 2011 16:19:31 +0300, Georgi Guninski said:
ok, there might be some sense in using canonical names, but why chose possibly the worst service available?
"possibly" doesn't mean much unless you have an actual point to make.
from their front page: "CVE®" - remember, remember what happened with the securityfocus/bugtraq exploit DB?
I doubt Mitre has any such plans - the "®" is there mostly so they can take action against people who invent their own CVE numbers.
btw, all the shitty id that should be "used" says:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
I beleive those are pools allocated to the various CVE Numbering Authorities: https://cve.mitre.org/cve/cna.html#participating_cnas Each of those vendors and researchers has a small pool of pre-assigned numbers they can use - so if Apple or Microsoft gets notified of a vulnerability, they can peel off the next number from their pool and use it without the delay of going back to Mitre to get a number assigned. It usually *doesn't* mean people are sitting on unannounced stuff - it means people are sitting on numbers to use quickly if they have to make an announcement.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Apache Killer, (continued)
- Re: Apache Killer Douglas Huff (Aug 24)
- Re: Apache Killer Davide Guerri (Aug 24)
- Message not available
- Re: Apache Killer -= Glowing Sex =- (Aug 24)
- Re: Apache Killer -= Glowing Sex =- (Aug 20)
- Re: Apache Killer Sheran Gunasekera (Aug 21)
- Re: Apache Killer Georgi Guninski (Aug 25)
- Re: Apache Killer Valdis . Kletnieks (Aug 25)
- Re: Apache Killer Georgi Guninski (Aug 26)
- Re: Apache Killer Valdis . Kletnieks (Aug 26)
- Re: Apache Killer nix (Aug 26)
- Re: Apache Killer Ulises2k (Aug 26)
- Re: Apache Killer Jari Fredriksson (Aug 22)