|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Dailydave] NISCC's culmination of sitting on an ISAKMP vulnerability for 4 months
From: Paul Wouters (paul
xelerance.com)
Date: Mon Nov 14 2005 - 07:45:45 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
NISCC's achievement this time:
- do not release vulnerability information to open source vendors prior to
release. Just tell them they cannot have the information for 4 months.
- try to postpone another 3 months, but getting their hands forced by CERT-FI
- do not list vendors impacted in their announcement.
- do not request a CVE.
- give the public absolutely no information on the vulnerability and
whether they are impacted or need to urgently upgrade or not.
I sincerilly hope NISCC's infrastructure somewhere, somehow, depends on a
Linux or BSD machine that will be DOSed by this, and their manager will soon
become their PM.
See how it impacted us:
http://lists.openswan.org/pipermail/announce/2005-November/000008.html
Morons,
Paul
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]