[Dshield] Security holes ... Who cares? [Re: Ceterum censeo --- The Weakest link in the chain ...]

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Fri Nov 22 10:14:02 GMT 2002


John S., Johannes, John D., et al.


Security holes ...  Who cares?


FYI-

Please find enclosed a link to a study by consultant Eric Rescorla,
RTFM, Inc. 

http://www.rtfm.com/upgrade.pdf

Some may found the study of interest, others perhaps not. The study,
however may remind about the frequently weakest link in the chain. 

- Peter

           "Avoid delays: procrastination always does harm."
         Lucanus, Marcus Annaeus Lucanus (39-65); Roman poet.


PS.  John, thank you for the compliment. Love your quote as well. It
brought refreshing thoughts. 

Been busy with engagements and commitments, however, thought the study
one happened to glance an eye over might enlighten in an easy way the
[original] theme.  

Same


PPS.  list-admin at dshield.org <mailto:list-admin at dshield.org> wrote on
Tuesday, September 17, 2002 3:50 PM: on behalf of: Johannes Ullrich
[jullrich at euclidian.com]  

| I rewrote the ISC slaper advisory last night. It includes a
| 'bibliography' at the end with links:
| 
| 
| http://isc.incidents.org/analysis.html?id=167

Johannes, thank you on behalf anyone and all concerned.

Same same


list-admin at dshield.org <mailto:list-admin at dshield.org> wrote on
Tuesday, September 17, 2002 9:57 PM: on behalf of: John Stevenson
[john at ajby.com]  

| Yesterday 16th, all but the Symantec one worked fine on double
| clicking the link (from here, Guyana - South America) and that
| wouldn't work even with a cut and paste of the first line and hand
| entering the last few characters (it wouldn't cut and paste
| complete!!!) to give the full URL (gave the usual Symantec 'File not
| Found - looking for something at Symantec' page)
| 
| However on trying again today (about 18.30 GMT Tuesday 17th ) the
| f-secure and symantec links work fine (hand completing the symantec
| one) but neither of the security focus ones work! (The
| europe.f-secure link also works fine)
| 
| 'Curiouser and curiouser'
| 
| 
| Love your quotes, Peter!
| 
| (another) John
| 
| "What mean all these mysteries to me
| Whose life is full of indexes and surds
| x^2 + 7x + 63 = 11/3"
| (Dr Charles Dodson - AKA Lewis Carol)
| 
| 
| 
"Peter Stendahl-Juvonen" wrote on Tuesday, September 17, 2002 1:16 PM:

|| John, et al.
|| 
|| Apology for any possible inconvenience caused.
|| 
|| 
|| However, hmmm...
|| 
|| Strange, that is, if you mean they do not work technically, i.e.
|| technical inoperability (or technical inoperability between
|| different systems). 
|| 
|| All URLs work fine here.
|| 
|| Even the broken or wrapped one takes you to an "almost-there" Web
|| page. If you then add the wrapped part of that URL to the end of the
|| URL, even that hyperlink works fine here. Same result achieved if
|| "cut 'n paste" method used right from the start, with two iterations.
|| 
|| Was interpretation of your comment correct? Is the "cut 'n paste"
|| method just as unsuccessful, with any of them?
|| 
|| Could it be am overlooking something at this end?
|| 
|| 
|| One last guess for now: Has the so called "language barrier"
|| affected even hyperlinks? 
|| 
|| 
|| -  Peter
|| 
||   "Nothing ever becomes real till it is experienced -- even a proverb
||           is no proverb to you till your life has illustrated it."
||                   John Keats (1795-1821); English poet.
|| 
|| 
|| PS.  Here is another: http://www.europe.f-secure.com/slapper/
|| 
|| -  Best of luck
|| 
|| list-admin at dshield.org <mailto:list-admin at dshield.org> wrote on
|| Tuesday, September 17, 2002 4:38 AM: on behalf of John Draper:
|| 
|||| Sixth Immutable Law of Security: "A machine is only as secure as
|||| the administrator is trustworthy"
|||| 
|||| 
|||| http://www.f-secure.com/slapper/
|||| 
|||| 
||
http://securityresponse.symantec.com/avcenter/security/Content/2002.09.1
|||| 3.html
||| 
||| The above URL had an embedded CR,,,
|||| 
|||| http://online.securityfocus.com/bid/5363
|||| http://online.securityfocus.com/bid/5363/solution/
||| 
||| None of these URL's work.
||| 
||| John
||| 
||| 
| 
| 
| 
| _______________________________________________
| Dshield mailing list
| Dshield at dshield.org
| To change your subscription options (or unsubscribe), see:
| http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list