Date: Tue, 14 Oct 2014 22:48:00 -0700
From: Walter Parker <walterp@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Truly scary SSL 3.0 vuln to be revealed soon:

Yeah, reposting a link to an internationally read news site doesn't seem
like much of an issue.

Posting the exploit code a week ahead of time, maybe, but reposting that
there is a problem in a 15-year-old protocol that uses parts with known
weaknesses, which was to be released less than 12 hours later, doesn't look
like a problem.

What is this list's policy on Full Disclosure?

What is this list's policy on sourced/unsourced security rumors?

Why do people on lists like this seem to think that censoring themselves
and others will actually do any good? That somehow the oss-security post
will be the straw that broke the camel's back and not the internationally
read news site (or all the black hat/pirate sites)? How many posts to
oss-security are patient zero for embargo breaking? What about just
responsible for any cracking happening in the real world?


On Tue, Oct 14, 2014 at 10:28 PM, Sona Sarmadi <sona.sarmadi@...a.com>
wrote:

> Thanks Hanno,
>
> A reflection: Maybe we shouldn't post information like this here or
> somewhere else which is not published yet even if the information has leaked
> out? Although all members here are reliable, it is still an open mailing
> list and we should be careful and act more responsibly.
>
> Cheers
> Sona
>
> > It's out:
> >
> > https://www.openssl.org/~bodo/ssl-poodle.pdf
> > http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.html
> >
> > My conclusion stays the same: Disable SSLv3.
> >
> > --
> > Hanno Böck
> > http://hboeck.de/
> >
> > mail/jabber: hanno@...eck.de
> > GPG: BBB51E42
>



-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
