possible rsync validation dos vuln
Randy Bush
randy at psg.com
Fri Oct 29 17:10:26 UTC 2021
> there's a public statement about this from NCSC-NL:
>> https://www.ncsc.nl/actueel/nieuws/2021/oktober/29/aanstaande-bekendmaking-cvd-procedure-rpki
blah blah blah

bottom line. they gave first notice to devs 4 days before threatened
disclosure. that they then asked to embargo was just adding insult to
injury.

https://en.wikipedia.org/wiki/Responsible_disclosure

we will remember their names. like the herzberg incident, "the internet
has two weeks to upgrade all mikrotiks globally before we intentionally
break it again."

would they do the same to the electric grid or other scada network? the
internet's openness and kindness has led them to think we can be abused
willy nilly.

we will remember their names.

randy