oss-sec mailing list archives
Re: Truly scary SSL 3.0 vuln to be revealed soon:
From: Walter Parker <walterp () gmail com>
Date: Tue, 14 Oct 2014 22:48:00 -0700
Yea, reposting a link to an Internationally read news site doesn't seem like much of an issue. Posting the exploit code a week ahead of time, maybe, but reposting that there is a problem in a 15 year protocol that uses parts with known weaknesses, which was to be released less than 12 hours later, doesn't look like a problem. What is this list's policy on Full Disclosure? What is this list's policy on sourced/unsourced security rumors? Why do people on lists like this seem to think that censoring themselves and others will actually do any good. That somehow the oss-security post will be the straw that broke the camel's back and not the Internationally read news site (or all the black hat/pirate sites)? How many posts to oss-security are patient zero for embargo breaking? What about just responsible for any cracking happening in the real world? On Tue, Oct 14, 2014 at 10:28 PM, Sona Sarmadi <sona.sarmadi () enea com> wrote:
Thanks Hanno, A reflection: Maybe we shouldn't post information like this here or somewhere else which is not published yet even if the information has leak out? Although all members here are reliable but it is still an open mailing list and we should be careful and act more responsible. Cheers SonaIt's out: https://www.openssl.org/~bodo/ssl-poodle.pdf http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites- exploiting-ssl-30.html My conclusion stays the same: Disable SSLv3. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
-- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
Current thread:
- Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Alex Gaynor (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 14)
- RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Walter Parker (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Brandon Whaley (Oct 15)
- list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Oct 15)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Dave Horsfall (Oct 29)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
- RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 14)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Nov 03)