RE: [Full-disclosure] Security Hole Found In Dave's Sock
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: RE: [Full-disclosure] Security Hole Found In Dave's Sock
- From: Raj Mathur <raju@xxxxxxxxxxxxxxx>
- Date: Thu, 8 Sep 2005 22:52:24 +0530
>>>>> "Ted" == Ted Frederick <tfrederick@xxxxxxxxxxxx> writes:
Ted> Dear list, I know that this list is not meant for personal
Ted> promotion but I think I would be remiss if I did not mention
Ted> that my company has recently released an upgrade to our
Ted> initial offering of Shoe 1.0. The upgrade to Shoe 2.0
Ted> includes a firewall/anti-virus product previously known as
Ted> Sock 3.4563.v54.
Ted> The upgrade cost is $19.99. There is also a required software
Ted> assurance subscription of $325.79 monthly.
Ted> If all goes well with the new product I suspect that we will
Ted> be purchased by a major software vendor before year end thus
Ted> making updates available on the first Tuesday of every month
Ted> to protect against further holes. These updates will have
Ted> vague names with no indication of what they actually fix
Ted> which should relieve you of sparing any thought to what risks
Ted> you may have been exposed to prior to the patch.
Ted> Yes, we have in fact thought of everything so you don't have
Ted> to.
I'm afraid you have fallen into the common trap of suggesting a
hardwear solution for what is essentially a softwear problem. I'd
have been much happier to see the softwear vendors acknowledge this
vulnerability (it's endemic, not specific to one vendor) and offer
upgrades to their softwear on a regular basis.
I'm making a compilation of socks v5.0 softwear available in the
market and subjecting them to stress testing; the testing includes
running 2KM after subjecting the softwear to dipping in Sewer 0.2,
having /bin/cat /bin/sleep on them for 2 days, and a cron job to
periodically transfer them to and from a Windows system. The results
of this testing will be available for a nominal fee(*).
I also suspect that by the end of the testing the softwear will have
metamorphosed into those elusive WMDs that have been, uh, eluding us
for so long.
(*) Standard nominal fee is half your kingdom and your daughter's hand
in marriage.
Regards,
-- Raju
--
Raj Mathur raju@xxxxxxxxxxxxx http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
It is the mind that moves
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/