Re: Oi Assistance

Brian, Please could you write me privately. May be I can help you. Let me know what are you trying to do. BR, Alessandro On Sep 26, 2014 9:29 AM, "Arturo Servin" wrote: > Try LACNOG or GTER (aka Brazilian NOG group) emailing list. > > May be somebody there could help. > > Regards > as > > > On

peeringdb

Trying to update some records on peeringdb.com and am not getting much response. Just wondering if I am the only one. I am not getting response back from support. Figured this would be a good place to ask. More curious than anything. Thanks, Justin -- Justin Wilson http://www.mtin.net

Re: peeringdb

On Sat, Sep 27, 2014 at 09:46:53AM -0400, Justin Wilson wrote: > Trying to update some records on peeringdb.com and am not getting much > response. Just wondering if I am the only one. I am not getting > response back from support. Figured this would be a good place to ask. > More curious than anyt

Re: NANOG College Immersion Program

Hi Dave, Some questions regarding this program: 0) Is there a webpage somewhere with more information? 1) How do students/professors apply? 2) Who can qualify for this program? Are there age restrictions? Undergrads? Graduate students? Are there geographical restrictions? 3) How many seats are t

Re: update

- Original Message - > From: "Keith Medcalf" > Unfortunately, that page contains near the top the ludicrous and > impossible assertion: > > ""Familiarity Breeds Contempt: The Honeymoon Effect and the Role of > Legacy Code in Zero-Day Vulnerabilities", by Clark, Fry, Blaze and > Smith mak

Re: update

On Sat, Sep 27, 2014 at 8:10 PM, Jay Ashworth wrote: > I haven't an example case, but it is theoretically possible. Qmail-smtpd has a buffer overflow vulnerability related to integer overflow which can only be reached when compiled on a 64-bit platform. x86_64 did not exist when the code was or

RE: update

>> Unfortunately, that page contains near the top the ludicrous and >> impossible assertion: >> ""Familiarity Breeds Contempt: The Honeymoon Effect and the Role of >> Legacy Code in Zero-Day Vulnerabilities", by Clark, Fry, Blaze and >> Smith makes clear that ignoring these devices is foolhardy; >

Re: update

On Sat, 27 Sep 2014 21:10:28 -0400, Jay Ashworth said: > I haven't an example case, but it is theoretically possible. The sendmail setuid bug, where it failed to check the return code because it was *never* possible for setuid from root to non-root to fail... ... until the Linux kernel grew new f

RE: update

On Saturday, 27 September, 2014 20:49, Jimmy Hess said: >On Sat, Sep 27, 2014 at 8:10 PM, Jay Ashworth wrote: >> I haven't an example case, but it is theoretically possible. >Qmail-smtpd has a buffer overflow vulnerability related to integer >overflow which can only be reached when compiled on

RE: update

This is another case where a change was made. If the change had not been made (implement the new kernel) then the vulnerability would not have been introduced. The more examples people think they find, the more it proves my proposition. Vulnerabilities can only be introduced or removed throug

Re: update

On Fri, Sep 26, 2014 at 11:11 PM, Keith Medcalf wrote: > On Friday, 26 September, 2014 08:37,Jim Gettys said: >>http://cyber.law.harvard.edu/events/luncheon/2014/06/gettys > > ""Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy > Code in Zero-Day Vulnerabilities", by Clark

RE: update

On Saturday, 27 September, 2014 23:29, Kenneth Finnegan said: >> My original proposition still holds perfectly: >> >> (1) The vulnerability profile of a system is fixed at system >> commissioning. >> (2) Vulnerabilities do not get created nor destroyed except through >> implementation o