From owner-freebsd-chat Sat Feb 10 4:13:59 2001 Delivered-To: freebsd-chat@freebsd.org Received: from mta5.snfc21.pbi.net (mta5.snfc21.pbi.net [206.13.28.241]) by hub.freebsd.org (Postfix) with ESMTP id 4026637B6A0 for ; Sat, 10 Feb 2001 04:13:20 -0800 (PST) Received: from xor.obsecurity.org ([63.207.60.15]) by mta5.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with ESMTP id <0G8G00A2JTMADT@mta5.snfc21.pbi.net> for freebsd-chat@FreeBSD.org; Thu, 8 Feb 2001 17:03:50 -0800 (PST) Received: by xor.obsecurity.org (Postfix, from userid 1000) id BF5E166B62; Thu, 08 Feb 2001 17:06:26 -0800 (PST) Date: Thu, 08 Feb 2001 17:06:26 -0800 From: Kris Kennaway Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE In-reply-to: <200102090101.SAA29682@usr08.primenet.com>; from tlambert@primenet.com on Fri, Feb 09, 2001 at 01:00:59AM +0000 To: Terry Lambert Cc: freebsd-chat@FreeBSD.org Message-id: <20010208170626.A50989@mollari.cthul.hu> MIME-version: 1.0 Content-type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="2oS5YaxWCcQjTEyO" Content-disposition: inline User-Agent: Mutt/1.2.5i References: <200102082016.PAA29933@vws3.interlog.com> <200102090101.SAA29682@usr08.primenet.com> Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --2oS5YaxWCcQjTEyO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Feb 09, 2001 at 01:00:59AM +0000, Terry Lambert wrote: > > Topic: FreeBSD on record to set most advisory releases for > > year 2001 >=20 > Heh. But obviously someone is out to challenge them for the record, > issuing these ones, since they weren't issued by FreeBSD. >=20 > [ ... ] >=20 > > We will not be mentioning the ultra secure OpenBSD operating system > > since we feel it is not our problem and does not help to promote a > > better OS than our own. >=20 > The interesting problem here is that OpenBSD is vulnerable to > hardware limitation based attacks at boot time. They themselves > draw the line at auditing the hardware and firmware of every > motherboard out there. Some viable attacks on OpenBSD can still > be instituted via a network connection. You have to draw the > line somewhere, and that's one of the places they draw theirs. Actually, what I find really funny is that this guy doesn't realise that OpenBSD have many of the same ports in their ports collection, which are vulnerable to the same problems. They just don't have the resources (or desire, or whatever - I'm not knocking OpenBSD for this) to write advisories for them. Kris --2oS5YaxWCcQjTEyO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6g0KSWry0BWjoQKURAnkWAKD8ciIWBr7HPuNwINx9CQ+OSiSATgCgllmp ts0ifbylmbFrIUYhkhqlScQ= =WsgP -----END PGP SIGNATURE----- --2oS5YaxWCcQjTEyO-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message