User: I)ruid

Re:Did he take it well?

on DNS Attack Writer a Victim of His Own Creation

Forgot to add the link to HD's comment on the article (with attack details):

http://blog.metasploit.com/2008/07/on-dns-attacks-in-wild-and-journalistic.html

Re:Did he take it well?

on DNS Attack Writer a Victim of His Own Creation

The quote in the original article has since been corrected (removed) by the original source, because it was a completely falsified quote.

Re:The push for DNSSec

on Kaminsky's DNS Attack Disclosed, Then Pulled

a/s/l? (:

Equivalent Advisory circa 1998

on CERT Advisory On Malicious HTML Tags

This is not a new discovery, in fact, we released an advisory about it in December of 1998. The advisory can be found here: http://www.caughq.org/files/pub/A dvisories/000005. This advisory was sent at the time of release to Yahoo, who promptly fixed their search engine, and was also sent to the BugTraq mailing list where it was promptly denied posting because "This isn't a hack." This has been around for quite a long time, I guess it just takes a CERT advisory to make people take notice.
NOTE: This is a duplicate post, the original was posted in reply to the wrong post

Re:Is this a new discovery?

on CERT Advisory On Malicious HTML Tags

This is not a new discovery, in fact, we released an advisory about it in December of 1998. The advisory can be found here: http://www.caughq.org/files/pub/A dvisories/000005. This advisory was sent at the time of release to Yahoo, who promptly fixed their search engine, and was also sent to the BugTraq mailing list where it was promptly denied posting because "This isn't a hack." This has been around for quite a long time, I guess it just takes a CERT advisory to make people take notice.

Berkley Song

on Tuesday Quickies

Someone with some musical skill needs to mp3 that song...