Re: [Full-disclosure] Microsoft takes 7 years to 'solve' a problem?!
- To: arasm@xxxxxx, eric@xxxxxxxxxx, pschmehl_lists@xxxxxxxxx
- Subject: Re: [Full-disclosure] Microsoft takes 7 years to 'solve' a problem?!
- From: "Elazar Broad" <elazar@xxxxxxxxxxxx>
- Date: Fri, 28 Nov 2008 14:06:48 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dan has been an exception to just about every rule, including the
"you should take me seriously" rule. Not that this is a good thing,
the guy is brilliant...
On Wed, 26 Nov 2008 14:40:42 -0500 Paul Schmehl
<pschmehl_lists@xxxxxxxxx> wrote:
>--On November 26, 2008 1:59:27 AM -0600 Elazar Broad <elazar@xxxxxxxxxxxx> wrote:
>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Um, NTLM isn't the only 20 or so year old protocol to take the rap
>> recently, I can think of a low numbered RFC, let's say 1034 and
>> 1035. Hindsight is 20/20, and 20 years ago, who would have thought
>> that a 16 bit number was way too small for DNS transaction id, the
>> same "who would have thought" goes for NTLM and the rest. Let's face
>> it, protocol design bugs suck, and to completely replace a widely
>> used protocol ranks pretty high in the PiTA hall of fame...
>>
>
>In that particular case Dan Bernstein not only *did* think about it but
>actually did something about it. It's just that no one else was
>listening.
>
>Paul Schmehl, If it isn't already
>obvious, my opinions are my own
>and not those of my employer.
>******************************************
>WARNING: Check the headers before replying
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/