Re: a record?

2005-11-18 Thread Eric Rescorla
Matthew Sullivan [EMAIL PROTECTED] writes: John Levine wrote: Moving sshd from port 22 to port 137, 138 or 139. Nasty eh? don't do that! Lots of (access) ISPs around the world (esp here in Europe) block those ports If you're going to move sshd somewhere else, port 443 is a fine choice.

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Eric Rescorla
was a method for exploiting arbitrary new vulnerabilities. Are you saying that this method can't be used in future IOS revs? Thanks, -Ekr [Eric Rescorla RTFM, Inc.]

Re: OMB: IPv6 by June 2008

2005-07-07 Thread Eric Rescorla
I don't want to get into an SSL vs. IPsec argument, but... David Conrad [EMAIL PROTECTED] writes: Compare with SSL (works out-of-the-box in 99.999% cases, and allows both, full and hard security with root certificates etc, or simple security based on _ok, I trust you first time, then we can

Re: OT - 3 Free Gmail invites

2004-08-19 Thread Eric Rescorla
Bill Woodcock [EMAIL PROTECTED] writes: On Thu, 19 Aug 2004, Steven S. wrote: I have 5 invites that I'm willing to part with... Uh, could we _please_ get back to something with operational content, or nothing at all? Anyone have anything concrete on the SHA-0 / MD5

Re: AV/FW Adoption Sudies

2004-06-10 Thread Eric Rescorla
[EMAIL PROTECTED] writes: On Wed, 09 Jun 2004 18:45:55 EDT, Sean Donelan [EMAIL PROTECTED] said: The numbers vary a little e.g. 38% or 42%, but the speed or severity or publicity doesn't change them much. If it is six months before the exploit, about 40% will be patched (60% unpatched).

Re: AV/FW Adoption Sudies

2004-06-10 Thread Eric Rescorla
[EMAIL PROTECTED] writes: On Thu, 10 Jun 2004 08:50:18 PDT, Eric Rescorla said: [EMAIL PROTECTED] writes: Remember that the black hats almost certainly had 0-days for the holes, and before the patch comes out, the 0-day is 100% effective. What makes you think that black hats already

Re: AV/FW Adoption Sudies

2004-06-10 Thread Eric Rescorla
Paul G [EMAIL PROTECTED] wrote: - Original Message - From: Eric Rescorla [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: Sean Donelan [EMAIL PROTECTED]; 'Nanog' [EMAIL PROTECTED] Sent: Thursday, June 10, 2004 2:37 PM Subject: Re: AV/FW Adoption Sudies -- snip --- If we assume

Re: AV/FW Adoption Sudies

2004-06-10 Thread Eric Rescorla
[EMAIL PROTECTED] writes: On Thu, 10 Jun 2004 11:54:31 PDT, Eric Rescorla said: My hypothesis is that the sets of bugs independently found by white hats and black hats are basically disjoint. So, you'd definitely expect that there were bugs found by the black hats and then used as zero

Re: AV/FW Adoption Sudies

2004-06-10 Thread Eric Rescorla
[EMAIL PROTECTED] writes: On Thu, 10 Jun 2004 12:23:42 PDT, Eric Rescorla said: I'm not sure we disagree. All I was saying was that I don't think we have a good reason to believe that the average bug found independently by a white hat is already known to a black hat. Do you disagree

Re: AV/FW Adoption Sudies

2004-06-10 Thread Eric Rescorla
[EMAIL PROTECTED] writes: On Thu, 10 Jun 2004 13:30:41 PDT, Eric Rescorla said: [0] Note that this doesn't require that the chance of finding any particular bug upon inspection of the code be very low high, but merely that there not be very deep coverage of any particular code section

Re: OpenSSL

2003-03-18 Thread Eric Rescorla
on the SSL server. So as long as the SSL server is accessible at all, the attack can be mounted. And once the private key is recovered, then you no longer need LAN access. -Ekr -- [Eric Rescorla [EMAIL PROTECTED] http://www.rtfm.com/

Re: OpenSSL

2003-03-18 Thread Eric Rescorla
link doesn't protect you. -Ekr -- [Eric Rescorla [EMAIL PROTECTED] http://www.rtfm.com/

Re: SSL crack in the news

2003-02-22 Thread Eric Rescorla
Mark Radabaugh [EMAIL PROTECTED] writes: http://www.cnn.com/2003/TECH/internet/02/21/email.encryption.reut/index.html Very little real information... Here's the writeup I sent to the cryptography mailing list. -- Here's a fairly