From owner-freebsd-newbies Tue Jan 21 8:14:46 2003 Delivered-To: freebsd-newbies@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EE3CC37B401 for ; Tue, 21 Jan 2003 08:14:44 -0800 (PST) Received: from groucho.candhsoftware.com (www.candhsoftware.com [67.41.24.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id F2E5D43EB2 for ; Tue, 21 Jan 2003 08:14:43 -0800 (PST) (envelope-from awc@groucho.candhsoftware.com) Received: from localhost (awc@localhost) by groucho.candhsoftware.com (8.11.3/8.11.3) with ESMTP id h0LGEoc51335; Tue, 21 Jan 2003 09:14:54 -0700 (MST) (envelope-from awc@groucho.candhsoftware.com) Date: Tue, 21 Jan 2003 09:14:50 -0700 (MST) From: Andy Clements To: paul van den bergen Cc: Subject: Re: OT: general security question... In-Reply-To: <200301211533.47670.pvandenbergen@swin.edu.au> Message-ID: <20030121090006.D51314-100000@groucho.candhsoftware.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-newbies@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Paul, The first thing I would try is the company's web-site where the hardware orginated from. Hopefully, they are experts with their own product and would like to know of any flaws that originate from their product - they may have already found it and devised a solution for said product. It seems that the medium most chose to expose flaws of other people's product is to write a in-depth detailed treatise on the subject, post it to your website and then post messages to various but related newsgroups of the flaw that you have found. This path of action has a tendancity to make the producers of the product very mad at the author of the article, however, some think it also has the effect of forcing the company to fix the flaw as quickly as possible, now that the article is in front of public eyes. I did a search on google for network hardware security newsgroups and found a few. I would advise you to do the same and pick the appropriate one. Plus, there is always slashdot. --Andy Andy Clements Chief Engineer C & H Software LLC awc@candhsoftware.com On Tue, 21 Jan 2003, paul van den bergen wrote: > Hi all, > > not a freebsd question, but this is as good a place to ask as any when no > other obvious forum presents to me... > > if a security flaw were discovered in a piece of networking hardware, where > would one go to report it for confirmation (e.g. by those who know about > these things and can assess it as being an authoritive security hole)? > > > > -- > Dr Paul van den Bergen > Centre for Advanced Internet Architectures > caia.swin.edu.au > pvandenbergen@swin.edu.au > IM:bulwynkl2002 > would somebody get this big walking carpet out of my way? > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-newbies" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message