Internet community

IETF RFC on Port Randomization

This document is a product of the Transport Area Working Group Working
Group of the IETF.


BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce

PR07-44: XSS on RSA Authentication Agent login page

Legal:

Copyright 2008 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is
attributed to Procheckup, and provided such reproduction and/or
distribution is performed for non-commercial purposes.



Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

>> ignore to fix the holes (especially DoS holes, which were only fixed few
>> times by Google and one time by Microsoft, and not in IE, but in Outlook,
>> and 99% of cases were completely ignored). Taking that into account last
>> year I decided from 2010 never inform browser vendors about DoS holes in
>> their browsers. And this time it was an exclusion (just one). In any case
>> due to full disclosure the Internet community will be knowing about the
>> vulnerabilities in browsers which I found and will be knowing the real state
>> of security of browsers. It was another leitmotif of my advisory.
>>
>> So this time I informed browser developers and users about these issues.

PR07-42: Webroot disclosure on Juniper Networks Secure Access 2000

Legal:

Copyright 2008 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the 
Internet community for the purpose of alerting them to problems, if and 
only if, the Bulletin is not edited or changed in any way, is attributed 
to Procheckup, and provided such reproduction and/or distribution is 
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not 

PR07-38: XSS on sIFR

Legal:

Copyright 2008 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the 
Internet community for the purpose of alerting them to problems, if and 
only if, the Bulletin is not edited or changed in any way, is attributed 
to Procheckup, and provided such reproduction and/or distribution is 
performed for non-commercial purposes. Any other use of this information 
is prohibited. Procheckup is not liable for any misuse of this 
information by any third party.

(CFP) LACSEC 2012: 7th Network Security Event for Latin America and the Caribbean

LACNIC (http://www.lacnic.net) is the international organization based
in (Uruguay) that is responsible for administrating IP address space,
Reverse Resolution, Autonomous System Numbers and other resources for
the region of Latin America and the Caribbean on behalf of the Internet
community.

The "7th Network Security Event for Latin America and the Caribbean"
will be held in Quito, Ecuador, within the framework of LACNIC's
seventeenth annual meeting (LACNIC XVII). This is a public call for
presentations for that event.

PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management

Legal:
Copyright 2010 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not

PR10-03: Authenticated Cross-Site Scripting (XSS) within the Apache Axis2 administration console

Legal:

Copyright 2010 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not

PR07-31: Unauthenticated SQL Injection, XSS on Login Page and Username Enumeration on DPSnet Case Progress

Legal:

Copyright 2008 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is
attributed to Procheckup, and provided such reproduction and/or
distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not

PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals

Legal:

Copyright 2008 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the 
Internet community for the purpose of alerting them to problems, if and 
only if, the Bulletin is not edited or changed in any way, is attributed 
to Procheckup, and provided such reproduction and/or distribution is 
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not 

PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks

Legal:

Copyright 2009 ProCheckUp Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if the Bulletin is not changed or edited in any way, is attributed
to ProCheckUp indicating this web page URL, and provided such
reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. ProCheckUp is not

Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

> ignore to fix the holes (especially DoS holes, which were only fixed few
> times by Google and one time by Microsoft, and not in IE, but in Outlook,
> and 99% of cases were completely ignored). Taking that into account last
> year I decided from 2010 never inform browser vendors about DoS holes in
> their browsers. And this time it was an exclusion (just one). In any case
> due to full disclosure the Internet community will be knowing about the
> vulnerabilities in browsers which I found and will be knowing the real state
> of security of browsers. It was another leitmotif of my advisory.
>
> So this time I informed browser developers and users about these 

XSS with mod_perl perl_status utility

Legal:

Copyright 2009 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not liable for any misuse of this information by any third party.



PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection

Legal:

Copyright 2008 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not

PR08-09: Unauthenticated File Retrieval on Sun Java System Identity Manager "ext" parameter

Legal:

Copyright 2008 ProCheckUp Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if the Bulletin is not changed or edited in any way, is attributed
to ProCheckUp indicating this web page URL, and provided such
reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. ProCheckUp is not

PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page

Legal:

Copyright 2008 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04

Legal
Copyright 2010 ProCheckUp Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not

PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title

Legal:

Copyright 2008 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not

PR08-15: Several Webroot Disclosures on Moodle

Legal:

Copyright 2008 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not

PR09-17: Juniper Secure Access series (Juniper IVE) authenticated XSS & REDIRECTION

Legal:

Copyright 2009 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not

Various Orion application server example pages are vulnerable to XSS.

Legal:

Copyright 2009 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not liable for any misuse of this information by any third party.




Re: Cross-Site Scripting vulnerability in Mozilla, Firefox and Chrome

there will be no site to close, and no site to block with anti-phishing
lists). And there are a lot of vulnerable redirectors on the Internet.

I planned to write an article about JavaScript Execution attacks in
different browsers via different redirectors to draw the attention of the
Internet community to this problem. I didn't write it in the last two weeks,
but I'd do it in the near future.

Best wishes & regards,
MustLive
Administrator of Websecurity web site

PR10-11: Multiple XSS injection vulnerabilities and an offsite redirection flaw within HP System Management Homepage (Insight Manager)

Legal:

Copyright 2010 ProCheckUp Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if the Bulletin is not changed or edited in any way, is attributed
to ProCheckUp indicating this web page URL, and provided such
reproduction and/or distribution


[CFP] LACSEC 2011: 6th Network Security Event for Latin America and the Caribbean

LACNIC (http://www.lacnic.net) is the international organization based
in (Uruguay) that is responsible for administrating IP address space,
Reverse Resolution, Autonomous System Numbers and other resources for
the region of Latin America and the Caribbean on behalf of the Internet
community.

The “6th Network Security Event for Latin America and the Caribbean”
will be held in Cancun, Mexico, within the framework of LACNIC's
fifteenth annual meeting (LACNIC XV). This is a public call for
presentations for that event.

LACSEC 2012 Agenda (May 6-11, 2012, Quito, Ecuador)

LACNIC (http://www.lacnic.net) is the international organization based
in Montevideo (Uruguay) that is responsible for administrating the IP
address space, Reverse Resolution, Autonomous System Numbers and other
resources for the region of Latin America and the Caribbean on behalf of
the Internet community.

The "7th Network Security Event for Latin America and the Caribbean"
(LACSEC 2012) will be held in Quito, Ecuador, within the framework of
LACNIC's seventeenth annual meeting (LACNIC XVII).


PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP)

Legal:

Copyright 2008 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the 
Internet community for the purpose of alerting them to problems, if and 
only if, the Bulletin is not edited or changed in any way, is attributed 
to Procheckup, and provided such reproduction and/or distribution is 
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not 

PR08-19: XSS on Cisco IOS HTTP Server

Legal:

Copyright 2009 ProCheckUp Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if the Bulletin is not changed or edited in any way, is attributed
to ProCheckUp indicating this web page URL, and provided such
reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. ProCheckUp is not

Re: Comments re ISC's announcement on bind9 security

> It's a text published by ISC as a follow up to the bind9 predictable id saga.
>
> Particularly the following statement is funny, and shows complete lack
> of understanding of the terminology and of the problem space:
>
> 'ISC would like to assure the Internet community that this is much
> less an issue of using "extremely weak crypto" as it has been
> described, than the use of a random number generator that did not
> provide sufficient randomness.'
>
> My understanding is that they used a pseudo random number generator in

PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel Audio and Web Conferencing)

Legal
Copyright 2010 ProCheckUp Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
