Slashdot Mirror


OpenBSD Vulnerability

*no comment* writes "Normally vulnerability reports on slashdot wouldn't make it because there are so many. This one however is for the normally very secure OpenBSD. Someone can crash an OpenBSD bridge using a newly discovered ICMP exploit. More can be read here. This shouldn't affect most people as this only affects people that use OBSD as a bridge."

55 comments

  1. Can't get to openbsd.org by dtfinch · · Score: 2, Funny

    slashdotted already?

    Obligatory "No remote exploits in 0 days."

    1. Re:Can't get to openbsd.org by dtfinch · · Score: 1

      Guess the problem was on my side. Works fine now.

    2. Re:Can't get to openbsd.org by Anonymous Coward · · Score: -1, Troll

      Guess the problem was on my side. Works fine now.

      THANK FUCKING CHRIST! I WAS SOOOO WORRIED!

    3. Re:Can't get to openbsd.org by gatorade123 · · Score: 5, Informative

      The quote is "Only one remote hole in the default install, in more than 8 years!"

      This exploit is only possible when you have bridging configured, which is not part of a default install, nor most common installations.

    4. Re:Can't get to openbsd.org by 0racle · · Score: 4, Informative

      This is a crash, not an exploit; the OpenBSD team uses a very precise definition for that claim. They also seem to handle a crash that does not lead to an exploit in a more crass and offhand manner, but that's another story.

      --
      "I use a Mac because I'm just better than you are."

    5. Re:Can't get to openbsd.org by Anonymous Coward · · Score: 3, Informative

      It isn't even an exploit. I mean, come on, people, get a clue here. There's a huge difference between a DoS and an Exploit. This does nothing, even if someone, somehow knew there was a bridge.

    6. Re:Can't get to openbsd.org by Anonymous Coward · · Score: 5, Informative

      You have to have a bridge setup *AND* enable the special IPsec processing support on the bridge which means *very few* people would be affected by this issue.

    7. Re:Can't get to openbsd.org by Espectr0 · · Score: -1, Troll

      And since nobody uses *BSD let alone openbsd then nothing bad will happen to anyone!

    8. Re:Can't get to openbsd.org by Anonymous Coward · · Score: 2, Informative

      You need to have more than just bridging configured - you need the link2 flag set on the bridge, which is only useful if you are bridging two networks via a VPN.

    9. Re:Can't get to openbsd.org by DashEvil · · Score: 1

      ...and it's not a remote hole.

      --
      -If God wanted people to be better than me, he would have made them that way.
    10. Re:Can't get to openbsd.org by Y2 · · Score: 1

      It isn't even an exploit. I mean, come on, people, get a clue here. There's a huge difference between a DoS and an Exploit.

      Come on, AC, get a dictionary here. It's a way to exploit (verb) a software bug to cause an effect. True, the effect is not The Big 0ne, but the word exploit (noun, new usage) still applies.

      --
      "But all your emitter and collector are belong to me!"

  2. Still not really news by pilybaby · · Score: 4, Interesting

    Normally vulnerability reports on slashdot wouldn't make it because there are so many

    This might be unusual, but it's really not that big a news item. I suppose it shows that even the best are not infallible. Nice to see it's already been patched =).

  3. In other words... by Anonymous Coward · · Score: -1, Troll

    This shouldn't affect most people as this only affects people that use OBSD

    That is to say, this won't affect anyone, as *BSD is dead.

  4. Are you kidding me? by Anonymous Coward · · Score: 2, Insightful

    Normally vulnerability reports on slashdot wouldn't make it because there are so many.

    That is, unless it's a vulnerability in Microsoft software.

    1. Re:Are you kidding me? by Mark_MF-WN · · Score: 3, Informative

      It's only a big deal with Microsoft because the vulnerabilities in Microsoft software are typically quite severe and affect almost everyone.

    2. Re:Are you kidding me? by merdark · · Score: 1, Interesting

      Funny, I haven't been affected by even one Microsoft vulnerability. I think Slashdot overinflates the Microsoft vulnerabilities.

      The biggest Microsoft vulnerability is the users. You could simply put up a page with instructions on how to install a backdoor program and many clueless users would go right ahead and do it so long as you promised great riches.

      The only reason Slashdot makes a big deal about Microsoft vulnerabilities is because Slashdot is pro-Linux and anti-Microsoft. You want proof that Slashdot is anti-Microsoft?

      Well, the Slashdot Microsoft icon is the Windows icon, but with all the windows broken. No matter what fantasy world you live in, you cannot argue that that is not blatantly anti-Microsoft.

    3. Re:Are you kidding me? by grimharvest · · Score: 1

      Exactly how is this insightful? If the pictures of Gates made up to look like a Borg are not enough of a clue then all the open source links at the top of the page should be. Is it possible people still come to this site and feel sorry for MS because they are "picked on" here?

    4. Re:Are you kidding me? by Mark_MF-WN · · Score: 3, Insightful

      I didn't realize that you were "most people". You think just because YOU haven't been affected by Microsoft vulnerabilities, that most other Windows users haven't been as well? That's an invalid generalization if there ever was one.

      Slashdot is anti-Microsoft for a reason -- Microsoft software is technologically inferior. It has way too many severe vulnerabilities. Without a firewall, a fresh Windows 2000 installation will have a worm within a minute of connecting to the internet. And that's without ever opening a single application. No other operating system EVER MADE can compare to that.

      No matter what fantasy world you live in, you cannot argue that Windows is not horrifically insecure.

    5. Re:Are you kidding me? by Shanep · · Score: 1

      Without a firewall, a fresh Windows 2000 installation will have a worm within a minute of connecting to the internet. And that's without ever opening a single application. No other operating system EVER MADE can compare to that.

      Except for Windows XP. ; )

      --
      War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
    6. Re:Are you kidding me? by javax · · Score: 2, Insightful

      "I haven't been affected by even one Microsoft vulnerability"

      Think this should be "I haven't yet noticed being affected by even one"

    7. Re:Are you kidding me? by Lars+T. · · Score: 4, Insightful

      Funny, I haven't been affected by even one Microsoft vulnerability.

      You may actually think so, but you probably have. Had to wait for a product you ordered because a company involved in making or shipping it was hit by a mail worm? Had a slower internet "experience" because of Blaster? Get more Spam via distributed Spam relays installed by a worm? And I'm not even counting things like not being able to get cash at the ATM because it BSODed because that's not a vulnerability.

      --

      Lars T.

      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    8. Re:Are you kidding me? by merdark · · Score: 2, Insightful

      I didn't realize that you were "most people". You think just because YOU haven't been affected by Microsoft vulnerabilities, that most other Windows users haven't been as well? That's an invalid generalization if there ever was one.

      Notice I never said that most Windows users have not been affected by a vulnerability? Notice that I said *I* have never been affected? Not being affected has a lot to do with knowing how to secure computer systems and avoid installing suspect software.

      I do not disagree that there are bad Microsoft vulnerabilities that affect a ton of users. But Slashdot is still overly zealous in its reports on Microsoft vulnerabilities.

      Slashdot is anti-Microsoft for a reason -- Microsoft software is technologically inferior.

      Nope. Microsoft is not inferior at all. It is far more insecure, yes, but it's definitely not inferior. Part of why Microsoft software is insecure is that it is far more complicated than other pieces of software. For instance, the recent run URI handler 'vulnerability' that Slashdot jumped on. Mac OS X also has such functionality, and had similar vulnerabilities. Linux did not have similar vulnerabilities, because it does not have this functionality.

      No other operating system EVER MADE can compare to that.

      Keep in mind that no other operating system EVER MADE has had the reach or user base that Windows has either. No doubt people will learn from Microsoft's mistakes, just as Microsoft has. This is the way of the world.

      Airplanes used to have very little security, and people would even smoke on them. Cars originally had no seat belts, and even when they did, wearing them was not mandatory for the longest time. Motorbike riders didn't use to wear, or have to wear, helmets. These are all absurd things *now*, but at the time people did not realize it.

      Operating systems are no different. Before the internet, Microsoft did not need to think of security in the way they do now. They realized the importance of it too late, and are now in quite a bind.

      I always find it funny that people on Slashdot tend to have a holier-than-thou attitude instead of a "let's observe and learn" attitude. This is why Slashdot's silly anti-Microsoft slant annoys me so. Other sites report on Windows problems without being so snide.

    9. Re:Are you kidding me? by NutscrapeSucks · · Score: 4, Insightful

      > No other operating system EVER MADE can compare to that.

      Except RedHat Linux 5.x and 6.x.

      The RH releases from the same era as W2K had dozens of remote holes in the install and had several worms targeting them, along with lots of script kiddie activity. A study showed that an unpatched RedHat box would be owned in a mean time of less than 5 minutes. Someone even made t-shirts that said "My other computer is your Linux box."

      (However, like Win2000, a RH box could be secured by a competent administrator.)

      Trying to judge technological inferiority by bug counts is inane, especially because Unix/Linux doesn't really have a significantly better record than Microsoft. (Compare the record of IIS6 versus Apache over the last year or so, for example...) So I would rephrase your statement: Slashdot is anti-microsoft for a reason -- Slashdot believes their shit don't stink

      --
      Whenever I hear the word 'Innovation', I reach for my pistol.
    10. Re:Are you kidding me? by Anonymous Coward · · Score: 0

      OpenBSD? In the immortal words of DeForest Kelley:
      "It's dead, Jim."

    11. Re:Are you kidding me? by j-turkey · · Score: 2, Interesting

      Airplanes used to have very little security, and people would even smoke on them. Cars originally had no seat belts, and even when they did, wearing them was not mandatory for the longest time. Motorbike riders didn't use to wear, or have to wear, helmets. These are all absurd things *now*, but at the time people did not realize it.

      I know that this is completely offtopic...but I find our seatbelt and helmet laws patently absurd. Your example here is poor, since your view is not universally accepted. It comes down to the argument of who owns your body -- you or the government. I choose to wear seatbelts and helmets. I believe that not using them is just plain dumb...but I neither want this forced on me, nor do I believe it should be forced on anyone else.

      --

      -Turkey

    12. Re:Are you kidding me? by merdark · · Score: 1

      Well, I don't necessarily agree that people should be FORCED to protect themselves. I was using the seatbelt example more as in "we didn't know how important they are" and hence didn't wear them.

    13. Re:Are you kidding me? by j-turkey · · Score: 1

      Well, I don't necessarily agree that people should be FORCED to protect themselves. I was using the seatbelt example more as in "we didn't know how important they are" and hence didn't wear them.

      Right on, I'm with you. My post was pretty far off topic and in hindsight...I probably should have kept my mouth shut.

      Cheers!

      --

      -Turkey

    14. Re:Are you kidding me? by Y2 · · Score: 1

      I know that this is completely offtopic...but I find our seatbelt and helmet laws patently absurd. Your example here is poor, since your view is not universally accepted. It comes down to the argument of who owns your body -- you or the government.

      [Equally OT. Sosumi.] I'd be happy to waive your obligation to use a helmet or a seatbelt if you'd waive all right to draw on public resources for medical treatment after an incident in which those devices are relevant.

      --
      "But all your emitter and collector are belong to me!"
  5. Exploit announced: Allows root login to corpses by Anonymous Coward · · Score: -1, Troll

    It is official -- Netcraft confirms: *BSD is dying

    One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

    You don't need to be a Kreskin to predict *BSD's future. The handwriting is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

    FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

    Fact: *BSD is dying

  6. Hmm.. by Anonymous Coward · · Score: -1, Flamebait

    You mean that they aren't usually posted unless there's a way to blame Microsoft for the security problem?

  7. Why'zit a 'Reliability' fix, not a 'Security' fix? by Anonymous Coward · · Score: 2, Interesting

    Here:

    http://openbsd.org/errata.html

    "All architectures

    016: RELIABILITY FIX: August 26, 2004

    As reported by Vafa Izadinia bridge(4)
    with IPsec processing enabled can be crashed
    remotely by a single ICMP echo traversing the
    bridge.

    A source code patch exists which remedies this problem.

    015: RELIABILITY FIX: August 25, 2004

    Improved verification of ICMP errors
    in order to minimize the impact of ICMP attacks
    against TCP.

    http://www.ietf.org/internet-drafts/draft-gont-icmp-payload-00.txt

    A source code patch exists which remedies this problem."

    Nevertheless, I still like its excellent record
    in security stats... OpenBSD, here I come...

  8. OpenBSD is dying by Anonymous Coward · · Score: -1, Troll

    It is now official. Netcraft confirms: *BSD is dying

    One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

    You don't need to be an Amazing Kreskin to predict *BSD's future. The handwriting is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

    FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

    Fact: *BSD is dead

    1. Re:OpenBSD is dying by uberTr011 · · Score: -1

      Shut up retard. You may have noticed that the article was for OpenBSD, not FreeBSD. Your cut+paste troll is for FreeBSD. Even if you were talking about OpenBSD, why did they patch the OS then? Cuz it's still under active development, that's why. In fact, OpenBSD 3.6 is due Nov 1st. FreeBSD 5.3 will be out in a few weeks. DragonFly BSD released 1.0 one month ago.

      BSD is dying my ass.

    2. Re:OpenBSD is dying by Anonymous Coward · · Score: -1, Troll

      I bet your father's cum tastes like steak sauce

    3. Re:OpenBSD is dying by Anonymous Coward · · Score: -1, Troll

      Are you asking because you're interested? You sound like the kind of guy who wants to swallow another man's semen.

    4. Re:OpenBSD is dying by Anonymous Coward · · Score: -1, Troll

      You sound like the kind of guy who wants to swallow another man's semen.

      I'm bored with felching my cat and I want to try something new. I also like to stick raisins up my butt.

  9. Re:Exploit announced: Allows root login to corpses by uberTr011 · · Score: -1, Redundant

    Shut up retard. You may have noticed that the article was for OpenBSD, not FreeBSD. Your cut+paste troll is for FreeBSD. Even if you were talking about OpenBSD, why did they patch the OS then? Cuz it's still under active development, that's why. In fact, OpenBSD 3.6 is due Nov 1st. FreeBSD 5.3 will be out in a few weeks. DragonFly BSD released 1.0 one month ago.

    BSD is dying my ass.

  10. OpenBSD ICMP vulnerability obviously bogus by SlashCrunchPop · · Score: 4, Funny

    11:55:01 <Theo> For the last time, there is no ICMP vulnerability, period!!!
    11:55:08 <Niels> OK, man, whatever you say. So who submitted the bug report in the first place?
    11:56:23 <Theo> Who cares? It's B-O-G-U-S! Now leave me alone, can't you see I'm busy?!
    11:56:29 <Niels> Jeez, would it kill you to give me the details on this alleged bug?
    11:59:51 <Niels> Theo? Are you there, man?
    ^An
    citi:~> ping -P "out ipsec ah/transport/10.0.1.1-10.0.2.2/use esp/tunnel/10.0.1.1-10.0.1.2/require" 10.0.2.2
    PING zeus.theos.com (10.0.2.2): 56 data bytes
    ^C
    --- 10.0.2.2 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss
    citi:~>
    ^Ap
    12:00:00 *** Signoff: Theo (Read error: EOF from client)
    /.
    ^^ typed in shock in an attempt to do a /whowas Theo
    1. Re:OpenBSD ICMP vulnerability obviously bogus by Anonymous Coward · · Score: 0

      LOL!!! Now that's funny! Good one man.

  11. Re:Why'zit a 'Reliability' fix, not a 'Security' f by shiftyphil · · Score: 5, Informative

    Because the worst you can do with it is crash the system, not gain access.

  12. Deep thoughts by Anonymous Coward · · Score: -1, Troll

    If you think about it for a minute, you can only reach one conclusion: *BSD is dying.

    That's life. There are winners. There are losers. BSD lost.

  13. OpenBSD stole code from SCO by Anonymous Coward · · Score: -1, Flamebait

    Hi, my name is Randall. I'm a former employee of SCO, formerly Caldera Systems. I've had the opportunity to use OpenBSD for the first time, and was highly impressed with its great balance of security and ease of use. I was so interested that I decided to download the source code and take a look inside. Then I started to notice familiarities, deja vu if you will. It didn't really dawn on me until I saw a simple comment: // remove this function, debug only -- Randall

    Now, with all the Linux/SCO nonsense going on (don't worry, I think the code being stolen from SCO is hogwash), I couldn't believe it. Here in front of my face was real stolen code from SCO Unix in OpenBSD. I didn't even know how to react. I decided posting this anonymously was the best way to go. Rather than try anything legal (since I'm no longer employed at SCO group), posting this and letting everyone decide for themselves (because, let's face it, most people won't listen to this) is my best option for clearing my conscience. Go, look for it. It's there.

  14. Now that's some good trolling! by Anonymous Coward · · Score: 0

    For the uninitiated: BSD is a free, completely legal flavour of UNIX developed at UC Berkeley, rather than a Unix-like OS.

    But then if you're reading posts for a BSD you probably already know that.

  15. It's time for the Daily Puzzler by Anonymous Coward · · Score: -1, Troll

    Today's Puzzler asks you to discover what the following four items have in common:
    1. Laci Peterson
    2. Lori Hacking
    3. Nicole Simpson
    4. OpenBSD
    Submit your response along with a stamped self-addressed envelope.
    See contest rules for details. Void where prohibited.
  16. Re:Exploit announced: Allows root login to corpses by grahamlee · · Score: 1

    You forgot Darwin/BSD among that lot.

  17. Lessons learned too late by Anonymous Coward · · Score: -1, Troll

    What We Can Learn From BSD
    By Chinese Karma Whore, Version 1.0

    Everyone knows about BSD's failure and imminent demise. As we pore over the history of BSD, we'll uncover a story of fatal mistakes, poor priorities, and personal rivalry, and we'll learn what mistakes to avoid so as to save Linux from a similarly grisly fate.

    Let's not be overly morbid and give BSD credit for its early successes. In the 1970s, Ken Thompson and Bill Joy both made significant contributions to the computing world on the BSD platform. In the 80s, DARPA saw BSD as the premier open platform, and, after initial successes with the 4.1BSD product, gave the BSD company a 2 year contract.

    These early triumphs would soon be forgotten in a series of internal conflicts that would mar BSD's progress. In 1992, AT&T filed suit against Berkeley Software, claiming that proprietary code agreements had been haphazardly violated. In the same year, BSD filed countersuit, reciprocating bad intentions and fueling internal rivalry. While AT&T and Berkeley Software lawyers battled in court, lead developers of various BSD distributions quarreled on Usenet. In 1995, Theo de Raadt, one of the founders of the NetBSD project, formed his own rival distribution, OpenBSD, as the result of a quarrel that he documents on his website. Mr. de Raadt's stubborn arrogance was later seen in his clash with Darren Reed, which resulted in the expulsion of IPF from the OpenBSD distribution.

    As personal rivalries took precedence over a quality product, BSD's codebase became worse and worse. As we all know, incompatibilities between each BSD distribution make code sharing an arduous task. Research conducted at MIT found BSD's filesystem implementation to be "very poorly performing." Even BSD's acclaimed TCP/IP stack has lagged behind, according to this study.

    Problems with BSD's codebase were compounded by fundamental flaws in the BSD design approach. As argued by Eric Raymond in his watershed essay, The Cathedral and the Bazaar, rapid, decentralized development models are inherently superior to slow, centralized ones in software development. BSD developers never heeded Mr. Raymond's lesson and insisted that centralized models lead to 'cleaner code.' Don't believe their hype - BSD's development model has significantly impaired its progress. Any achievements that BSD managed to make were nullified by the BSD license, which allows corporations and coders alike to reap profits without reciprocating the goodwill of open-source. Fortunately, Linux is not prone to this exploitation, as it is licensed under the GPL.

    The failure of BSD culminated in the resignation of Jordan Hubbard and Michael Smith from the FreeBSD core team. They both believed that FreeBSD had long lost its earlier vitality. Like an empire in decline, BSD had become bureaucratic and stagnant. As Linux gains market share and as BSD sinks deeper into the mire of decay, their parting addresses will resound as fitting eulogies to BSD's demise.

  18. Something to think about by Anonymous Coward · · Score: -1, Troll

    BSD? Bones said it best:
    It's dead, Jim.

  19. Where are mod points when I need them? by cipher+chort · · Score: 2, Interesting

    Clearly the parent has been in the security or networking business for more than a few years.

    In fact, I recall when RH7.0 came out and was followed almost immediately by 7.1 because of so many remote holes. I've seen several friends have their Linux boxes rooted, and I'm a moderator on a Linux forum where we get at least one person a week (sometimes one a day) asking how they can repair their system because it was cracked.

    On the other hand, none of my OpenBSD boxes have ever been cracked... come to think of it, none of my Windows or Mac boxes ever have been, either.

    --
    Someone is WRONG on the Internet!

    1. Re:Where are mod points when I need them? by chez69 · · Score: 1

      Strange, I've used RedHat since 5.0 and have never been rooted. I guess some folks just don't realize that you should secure your machine before connecting it to an insecure network.

      --
      PHP is the solution of choice for relaying mysql errors to web users.

    2. Re:Where are mod points when I need them? by NutscrapeSucks · · Score: 1

      The biggest problem is that both Old RedHat and Old Windows automatically started many services right after install. When you're talking about a window of only a few minutes before you're cracked, that's not good even if the administrator realizes he needs to reconfigure and patch.

      --
      Whenever I hear the word 'Innovation', I reach for my pistol.

  20. Re:Why'zit a 'Reliability' fix, not a 'Security' f by Anonymous Coward · · Score: -1, Troll

    It is now official. Netcraft has confirmed: *BSD is dying

    One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

    You don't need to be an Amazing Kreskin to predict *BSD's future. The handwriting is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

    FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

    Fact: *BSD is dying

  21. Which proves nothing by cipher+chort · · Score: 1

    None of my Windows boxes have ever been rooted, either. What's your point? You can secure any OS, so what's really important is the default state. Someone who immediately connects a box with Red Hat to a network will get rooted just as fast as someone who connects a default install of Win2K.

    --
    Someone is WRONG on the Internet!

  22. Re:Why'zit a 'Reliability' fix, not a 'Security' f by Anonymous Coward · · Score: 0

    Since when does "security" mean "not letting anybody gain access"? "Security" means eliminating risks. Somebody crashing all your routers counts as a risk in my book.

  23. Re:Why'zit a 'Reliability' fix, not a 'Security' f by Anonymous Coward · · Score: 0

    Since when does "security" mean "not letting anybody gain access"? "Security" means eliminating risks. Somebody crashing all your routers counts as a risk in my book.

    Denial of service, by itself, is never a security risk. It might contribute to one, but by itself it is not.

    Even in the real world, if you close down a building to prevent someone from placing a bomb, the building is secure. None of the usual business gets done, but it's still secure because the bad guys stay out. A traffic jam right outside your house will prevent you from leaving, but your home is still secure. Your money is still secure on a bank holiday.

    Security is about keeping unauthorized people from gaining control of your resources. Merely stopping you from using them does not count.

  24. Re:Why'zit a 'Reliability' fix, not a 'Security' f by Anonymous Coward · · Score: 0

    Security is about keeping unauthorized people from gaining control of your resources.

    Restating it doesn't make it any truer. You do realise that you just ignored what I said entirely and repeated the original mistake without anything new to add, don't you?

    Security is about keeping your systems secure. "Secure" does not mean "unauthorised people can't get access". "Secure", in layman's terms, means "safe". That's safe from unauthorised intruders, safe from denial of service, safe from floods in the location of your servers, safe in the event of fires, hurricanes, etc. Safe. That's what secure means. Go and look it up in the dictionary, or, even better, take a few computer security courses.

    It's not just about script kiddies. That's the mistake I pointed out, and it's the point that completely went over your head.