heh, I know, Sucks. I've been moderated on occasion myself a couple of times on this 'non-moderated list'. Does it now mean FULL-DISCLOSURE = 'Post at your own risk?' it's getting like the security-basics or bug-traq list, or anything else SECURITY-FOCUS IS_NOT_CONCENTRATING_ON' LIST. Anything you post there gets 5 days of scrutiny because it isn't politically correct to post expert opinions or comments to such f'd up lists.

Try to send people to the bank to buy a clue or research the problem and then they say isn't appropriate for this forums or the moderators answer to is that the reply is: tooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo break, toooooooooooooooooooooooooooo, long.

I could add more bytes, then this would be censored as well.

Ok, Ok, solution?

-b

On Tue, 2004-04-20 at 21:45, Steve Menard wrote:
> Moderation of an un-moderated list at its best
> on a valid subject no less ....
> I guess it's my bad as it's not named early disclosure
>
> So, malware below 20k ........ Ca CHING
> Bet this fits within the 20K ;-)
> and takes what xx minutes to make it to the last victim
>
> At 16:48 AST [1548EST]
> I sent David Ahmed's copy of [NISCC Vulnerability Advisory 236929:
> Vulnerability Issues in TCP] forwarded from the UK
> In reply to
>
> Crist J. Clark wrote:
>
> >Does anyone know WTF they are trying to say in this AP article,
> >"Core Internet Technology Is Vulnerable,"
> >
> >  http://story.news.yahoo.com/news?tmpl=story&cid=562&ncid=738&e=1&u=/ap/20040420/ap_on_hi_te/internet_threat
> >
> >It sounds like they are talking about a sequence number guessing
> >attack on TCP BGP sessions? Sequence number prediction isn't really
> >a new attack, but the story says,
> >
> >  "Experts previously maintained such attacks could take between
> >  four years and 142 years to succeed because they require guessing
> >  a rotating number from roughly 4 billion possible combinations.
> >  Watson said he can guess the proper number with as few as four
> >  attempts, which can be accomplished within seconds."
> >
> >Hmmm... Four attempts... And the story makes it sound like a
> >cross-platform attack, not a bug in a particular OS's ISN generation.
> >FUD or is there something here?
> >
>
> I found this [below] in my in basket
> Luckily I sent Crist the email OFF_LINE
> smenard
>
> PS BONUS POINTS: Dr Phil can't participate
> can anyone tell me why I feel like swearing?
> full disclosure.....................Limited of course ;-)
>
> Your mail to 'Full-Disclosure' with the subject
>
>     Re: [Full-Disclosure] Core Internet Vulnerable - News at 11:00
>
> Is being held until the list moderator can review it for approval.
>
> The reason it is being held:
>
>     Message body is too big: 46716 bytes but there's a limit of 20 KB
>
> Either the message will get posted to the list, or you will receive
> notification of the moderator's decision.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html