From owner-freebsd-security@FreeBSD.ORG Fri Sep 13 05:18:52 2013
Date: Fri, 13 Sep 2013 09:18:35 +0400
From: Lev Serebryakov
To: Julian Elischer
Cc: freebsd-security@FreeBSD.org
Subject: Re: FreeBSD Transient Memory problem?
Message-ID: <1458963304.20130913091835@serebryakov.spb.ru>
In-Reply-To: <5231D461.5050504@freebsd.org>
References: <5231D461.5050504@freebsd.org>
List-Id: "Security issues [members-only posting]"

Hello, Julian.

You wrote on 12 September 2013, 18:49:05:

JE> Pretty much all they've proved to me is that they have no idea of what
JE> they are talking about.
JE> You need to ask them for a better description of the problem as so far
JE> all you've
JE> seen is about a hundred computer science professionals rolling around
JE> on the floor
JE> laughing when you showed them the paragraph from the report..
JE> and you can quote me on that one.

In my experience, "security audit" people, who could, for example, do a PCI DSS audit, are like this. So, yes, that is their level of competence, but you cannot get around them if you want official PCI DSS certification, for example.

Did you see that epic thread on Stack Overflow (or its DevOps/sysops counterpart) about the "log file with every login of each user with the password in clear text", for example?

-- 
// Black Lion AKA Lev Serebryakov