possible rsync validation dos vuln

Randy Bush randy at psg.com
Fri Oct 29 17:10:26 UTC 2021


> there's a public statement about this from NCSC-NL:
>> https://www.ncsc.nl/actueel/nieuws/2021/oktober/29/aanstaande-bekendmaking-cvd-procedure-rpki

blah blah blah

bottom line.  they gave first notice to devs 4 days before threatened
disclosure.  that they then asked to embargo was just adding insult to
injury.

https://en.wikipedia.org/wiki/Responsible_disclosure

we will remember their names.  like the herzberg incident, "the internet
has two weeks to upgrade all mikrotiks globally before we intentionally
break it again."

would they do the same to the electric grid or other scada network?  the
internet's openness and kindness has led them to think we can be abused
willy nilly.

we will remember their names.

randy