Dailydave mailing list archives
NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months
From: Paul Wouters <paul () xelerance com>
Date: Mon, 14 Nov 2005 14:45:45 +0100 (CET)
NISCC's achievement this time: - do not release vulnerability information to open source vendors prior to release. Just tell them they cannot have the information for 4 months. - try to postpone another 3 months, but getting their hands forced by CERT-FI - do not list vendors impacted in their announcement. - do not request a CVE. - give the public absolutely no information on the vulnerability and whether they are impacted or need to urgently upgrade or not. I sincerilly hope NISCC's infrastructure somewhere, somehow, depends on a Linux or BSD machine that will be DOSed by this, and their manager will soon become their PM. See how it impacted us: http://lists.openswan.org/pipermail/announce/2005-November/000008.html Morons, Paul
Current thread:
- NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Dave Aitel (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Florian Weimer (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Adam Shostack (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Florian Weimer (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Dave Aitel (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Paul Wouters (Nov 14)
- Re: NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months Adam Shostack (Nov 14)