[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Apache Killer
- To: Valdis.Kletnieks@xxxxxx
- Subject: Re: [Full-disclosure] Apache Killer
- From: Georgi Guninski <guninski@xxxxxxxxxxxx>
- Date: Fri, 26 Aug 2011 16:19:31 +0300
On Thu, Aug 25, 2011 at 03:52:00PM -0400, Valdis.Kletnieks@xxxxxx wrote:
> On Thu, 25 Aug 2011 21:35:04 +0300, Georgi Guninski said:
> > On Wed, Aug 24, 2011 at 10:45:53AM +0100, Mark J Cox wrote:
> > > Use CVE-2011-3192.
> >
> > why the fuck use this shit?
>
> So that when two different people issue advisories about it, if they both say
> CVE-2011-3192, we know it's the same issue. Otherwise if you got some people
> writing about Kingcope's hole with gzip and others writing about Zalewski's
> hole with Range: it's hard to tell if they're really the same issue or not.
>
ok, there might be some sense in using canonical names,
but why chose possibly the worst service available?
from their front page: "CVE®" - remember, remember what happened with the
securityfocus/bugtraq exploit DB?
btw, all the shitty id that should be "used" says:
** RESERVED ** This candidate has been reserved by an organization or
individual that will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/