[14563] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve

daemon@ATHENA.MIT.EDU (Morten Welinder)
Wed Apr 19 04:01:48 2000

Message-Id:  <200004181443.QAA26737@tyr.diku.dk>
Date:         Tue, 18 Apr 2000 16:43:43 +0200
Reply-To: Morten Welinder <terra@DIKU.DK>
From: Morten Welinder <terra@DIKU.DK>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

Such a database is all good and fine, but it inheritly has at
least one weakness: an attacker can install an old, but genuine
Sun binary with a security hole in it.

If you did a post mortem and found such a file, would you say
"I must have forgotten to update that file" or would you say
"There is something rotten in the State of Denmark"?

(Nevertheless, your database is obviously much better than having
nothing at all.)

Morten


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[14563] in bugtraq

Re: Announcing: Solaris Fingerprint Database (sfpDB) on SunSolve

daemon@ATHENA.MIT.EDU (Morten Welinder)Wed Apr 19 04:01:48 2000

daemon@ATHENA.MIT.EDU (Morten Welinder)
Wed Apr 19 04:01:48 2000