> Well failure to recognize that 0.0.0.0 is yourself is not
> quite DNS related exploit. It is a bug.
I'll buy that, but it isn't a security hole. You did note the word
"security" between "qmail" and "challenge," yes? Its in the titlebar, the
large words at the top of the page, and the first paragraph.
> I like these rules that say "yeah we are setting up a
> challenge, but there is no way that you could ever win it"...
It wasn't a bug hunt, it was a security challenge. The rules listed
are reasonable, if you keep that in mind.
> If you ask me, qmail is far from bug free...
Okay, but how many of those bugs can be exploited to breach
security? (NOTE: a DOS is not a security breach.) Please, go find one,
there is still a $500 prize available.
> - this sort of "attack" is in use and causing problems with site that
> selected qmail as their MTA
This sort of "attack" causes little more trouble than
double-bounces. Frankly, we've discussed DOS scenarios with qmail that make
this look like a piece of wet popcorn. Note that qmail's integral mail loop
detection stops this attack quickly.
> So saying "it does not fit our challenge because you need to
> use DNS to perform the attack" is like saying "well qmail is
> perfectly safe if you don't use it in the real world"... Good
> PR move guys, and a cheap one too!
Nobody said that. We said it wasn't a security breach, it was a
DOS, and an extremely limited DOS at that. If you don't understand the
difference, go read some more.
Let's read that line again:
"bugs are specifically disqualified:
Exploits that involve corrupting DNS data, breaking TCP/IP, breaking NFS, or
denying service (except for the case above). "
You apparently stopped at the first comma. Try going all the way to
the period.
> Well my answer to this is "don't use qmail"
Given your logic, you should stop using computers. I've noticed
bugs at all levels, from the BIOS and CPU on up. But then you wouldn't get
to go trolling, now would you?
--
gowen -- Greg Owen -- [EMAIL PROTECTED]
SoftLock.com is now DigitalGoods!
