and their over-hyped "security" focus. They can't even behave
responsibly when a remote execution bug shows up.
http://www.coresecurity.com/index.php5?
module=ContentMod&action=item&id=1703
(Anyone else remember Clinton's "deny deny deny"?)
They've now been forced to change their tagline to, "Only two remote
holes in the default install, in more than 10 years!"
(The previous hole was an OpenSSH exploit found by Mark Dowd in June
2002.)
Gee, it could be, "OpenBSD: exploitable every five years, thus far!"
they even won an award for their bad behavior: http://pwnie-
awards.org/winners.html:
---
Pwnie for Lamest Vendor Response
Awarded to the vendor who mishandled a security vulnerability most
spectacularly.
OpenBSD IPv6 mbuf kernel buffer overflow (CVE-2007-1365)
OpenBSD team
The OpenBSD team refused to acknowledge the bug as a security
vulnerability and issued a "reliability fix" for it.
A week later Core Security had developed proof of concept code that
demonstrated remote code execution.
Read the full timeline and quotes in the Core advisory (above).
_______________________________________________
[email protected] mailing list
http://lists.hosef.org/cgi-bin/mailman/listinfo/luau
