CERT gives vendors time to fix the problem before it is reported to everyone. That way it should be patched before CERT tells all the script kiddies how to exploit the system.
-----Original Message----- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of Phil Smith III Sent: Friday, May 16, 2008 12:57 PM To: [email protected] Subject: Debian/Ubuntu OpenSSL Random Number Generator Vulnerability So, is it just me, or is there something wrong when I learn about this from xkcd.com long before the CERT Advisory comes out? ...phsiii ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 __________________________________________________________________________________________________ CONFIDENTIALITY NOTICE: This email from the State of California is for the sole use of the intended recipient and may contain confidential and privileged information. Any unauthorized review or use, including disclosure or distribution, is prohibited. If you are not the intended recipient, please contact the sender and destroy all copies of this email. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
