Date: Fri, 09 Feb 2001 17:44:45 +0100 From: Eric Cholet <cholet@logilune.com> To: security@FreeBSD.ORG Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE Message-ID: <2488141552.981740685@[192.168.1.2]> In-Reply-To: <200102082014.PAA29877@vws3.interlog.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I received the following, what worries me is that the PGP signature verified, and it's not April 1st. WTF ?? --On 08/02/01 15:14 -0500 FreeBSD Security Advisories mumbled: > ========================================================================= > ==== FreeBSD-SA-01:INSERT_NUMBER_HERE Security > Advisory FreeBSD, Inc. > > Topic: FreeBSD on record to set most advisory releases for > year 2001 > > Category: All > Announced: 2001-02-07 > Credits: sil@loopback.antioffline.com http://www.antioffline.com > Vendor status: Developers sleeping right now > FreeBSD only: Yes > > I. Background > > FreeBSD is the most robust chopperating sysdumb in the world and we > mean it. Our TCP stack will kick your TCP stacks hynee. Currently we > are releasing an advisory every 1.95 days which means we are bound > to surpass Microsoft. > > II. Problem Description > > We normally do not assess security when creating the ports distribution > often allowing anyone to build any program we decide to run in the ports > directory. Recently we have noticed that we can no longer fool users > into thinking because we provide checksumming for the programs, that > they will be secure. > > Unlinke other operating systems and the developers of them who audit > their ports, we feel it is not our problem if someone accessess your > system because we're too lazy to do things right the first time. > > > III. Impact > > Obviously anyone can end up control your machine or worse. > > IV. Workaround > > We will not be mentioning the ultra secure OpenBSD operating system > since we feel it is not our problem and does not help to promote a > better OS than our own. > > V. Solution > > One of the following: > > 1) Rub a magic lamp and wait for the security genie to fix it. > > 2) Download NSA Linux so you too can have miniscule backdoors in it > which you won't see. > > 3) Pray to the hacker god Kevin Mitnick for assistance. > > 4) Install a more secure O(penBSD)S > > NOTE: FreeBSD developers are now red faced > > VI. Shouts > > Hard Lee Strange > Mike Hunt > Ivana Swallows > Mike Hock > Dick Famous > Kathie Lee Gifford > > > > This is the moderated mailing list freebsd-announce. > The list contains announcements of new FreeBSD capabilities, > important events and project milestones. > See also the FreeBSD Web pages at http://www.freebsd.org > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-announce" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2488141552.981740685>