From owner-freebsd-security@FreeBSD.ORG Tue Sep 16 12:25:25 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 324D316A4B3 for ; Tue, 16 Sep 2003 12:25:25 -0700 (PDT) Received: from mx2.nersc.gov (mx2.nersc.gov [128.55.6.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 49FB543FA3 for ; Tue, 16 Sep 2003 12:25:24 -0700 (PDT) (envelope-from dart@nersc.gov) Received: from mx2.nersc.gov (localhost [127.0.0.1]) by localhost.nersc.gov (Postfix) with ESMTP id 724A9776E for ; Tue, 16 Sep 2003 12:25:23 -0700 (PDT) Received: from gemini.nersc.gov (gemini.nersc.gov [128.55.16.111]) by mx2.nersc.gov (Postfix) with ESMTP id 2D6497767 for ; Tue, 16 Sep 2003 12:25:23 -0700 (PDT) Received: from gemini.nersc.gov (localhost [127.0.0.1]) by gemini.nersc.gov (Postfix) with ESMTP id 1CFAEF8EB for ; Tue, 16 Sep 2003 12:25:23 -0700 (PDT) X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4 To: freebsd-security@freebsd.org In-Reply-To: Message from Brett Glass <4.3.2.7.2.20030916123558.02cfdef0@localhost> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1688024332P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Tue, 16 Sep 2003 12:25:23 -0700 From: Eli Dart Message-Id: <20030916192523.1CFAEF8EB@gemini.nersc.gov> Subject: Re: OpenSSH heads-up X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2003 19:25:25 -0000 --==_Exmh_1688024332P Content-Type: text/plain; charset=us-ascii In reply to Brett Glass : > At 07:43 AM 9/16/2003, Jacques A. Vidrine wrote: > > Could it be that some party or parties knew about this before the announcement > and is probing for hosts to exploit? I always assume that the blackhats are at least 6 to 12 months ahead of public disclosure.... The kiddies may not have as much of a lead, depending on how good their sources for exploit code are, but one should assume that Smart Bad People can own one's machines if one's only defense is a current patch set. --eli > > --Brett Glass > > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" --==_Exmh_1688024332P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) Comment: Exmh version 2.5 07/13/2001 iD8DBQE/Z2OjLTFEeF+CsrMRAinEAJ0XRjXxvKgIP6g86MsC4XvJQJ5OOgCgni/a Sq+D56RaPe+kVu45YRC38B8= =s+Nj -----END PGP SIGNATURE----- --==_Exmh_1688024332P--