Bugtraq mailing list archives
CERT/AUCERT
From: mycroft () datasphere net (Mycroft)
Date: Thu, 19 Dec 1996 11:47:33 -0800
Within the past few months, there has been a decisive trend in CERT/AUCERT's release of vulnerability notices. A bug appears on BugTraq, and within hours or days, a AUCERT or CERT vulnerability notice appears. That is a GoodThing(tm). However. In these notices, CERT/AUCERT has failed to credit the authors of those exploits. Now, yes, it is entirely possible CERT/AUCERT has known about these holes for ages, and just decided not to release a vulnerability notice. Of course, that can't be true, because that would make them willing accomplices to break-ins. So, assuming that they didn't know about these holes, and the way too coincidental timing issue, I would have to say AUCERT/CERT owes a number of people an apology, at the very least. CERT and AUCERT are both funded organizations, bound by the same laws as the rest of us. CERT, being funded by DOD and other federal sources, is certainly bound by intellectual property statutes. So if CERT and AUCERT have truly discovered these holes in parallel with their known and respective authors, it would be extremely interesting to see some proof of that. .mycroft -- [:]====================================================================[:] [\] Mycroft <mycroft () datasphere net> >>>>>[DataSphere]<<<<< [=] [=] Key fingerprint = DD B1 A7 D9 2D DF A0 F7 23 C2 6B EC 5A AD 01 A9 [\] [:]====================================================================[:]
Current thread:
- Possible Denial of Service: SSH Sean B. Hamor (Dec 17)
- Re: Possible Denial of Service: SSH Paul Wouters (Dec 18)
- Re: Possible Denial of Service: SSH Jim Dennis (Dec 18)
- Re: Possible Denial of Service: SSH Toomas Soome (Dec 18)
- Re: Possible Denial of Service: SSH Jim Dennis (Dec 18)
- Re: Possible Denial of Service: SSH Sven Gestegard (Dec 18)
- Exploit for ppp bug (FreeBSD 2.1.0). Leshka Zakharoff (Dec 18)
- CIAC Bulletin H-17: cron/crontab Buffer Overrun Vulnerabilities David Crawford (Dec 19)
- NT vulnerable to attack on CPU Aleph One (Dec 19)
- CERT/AUCERT Mycroft (Dec 19)
- Re: CERT/AUCERT itudps (Dec 19)
- Re: CERT/AUCERT Aleph One (Dec 19)
- Re: CERT/AUCERT Theo de Raadt (Dec 19)
- Slow vendor response Alan Cox (Dec 20)
- CERT Bashing, etc Aleph One (Dec 19)
- Re: CERT/AUCERT Yuri Volobuev (Dec 19)
- Re: CERT/AUCERT Tung-Hui Hu (Dec 19)
- TCP bug on old Solaris box ? Gilles Soulet (Dec 20)
- Re: TCP bug on old Solaris box ? Nathan Lawson (Dec 21)
- Buffer overflow in Linux's login program Joe Zbiciak (Dec 22)
- Re: Possible Denial of Service: SSH Paul Wouters (Dec 18)