version 1.466, 2005/07/06 22:04:34 |
version 1.467, 2005/07/07 09:07:19 |
|
|
<li><font color="#009000"><strong> |
<li><font color="#009000"><strong> |
<a href="http://kerneltrap.org/node/5382"> |
<a href="http://kerneltrap.org/node/5382"> |
Feature: OpenBSD Hackathon 2005, Part III</a>, |
Feature: OpenBSD Hackathon 2005, Part III</a>, |
The Register, July 6, 2005</strong></font><br> |
Kerneltrap, July 6, 2005</strong></font><br> |
Jeremy Andrews writes about the recent Blind ICMP attacks discovered |
Jeremy Andrews writes about the recent Blind ICMP attacks discovered |
by Fernando Gont, and the fixes done by him and OpenBSD during the |
by Fernando Gont, and the fixes done by him and OpenBSD during the |
2005 Hackathon. |
2005 Hackathon. |
|
The article talks extensively about the technical background of the |
|
attacks, mentioning blind ICMP attacks, "hard" ICMP errors, source |
|
quenching, and path MTU discovery. |
|
Many helpful RFCs and technical papers are linked from the explanations. |
|
They are followed by a recall of the whole ICMP story, involving Gont's |
|
struggle with other free projects, Cisco lawyers, Microsoft people, |
|
and others.<br> |
|
The article comes to the conclusion that OpenBSD was the first project |
|
to take Fernando Gont's findings seriously, and also the first group to |
|
be really painless to work with. |
<p> |
<p> |
|
|
<li><font color="#009000"><strong> |
<li><font color="#009000"><strong> |
|
|
The Register, July 6, 2005</strong></font><br> |
The Register, July 6, 2005</strong></font><br> |
This article talks about various groups that are frequently blamed for |
This article talks about various groups that are frequently blamed for |
poor security: |
poor security: |
Individuals, ISPs, companies, crackers, security mailing lists, |
individuals, ISPs, companies, crackers, security mailing lists, |
and last but not least: OS vendors! |
and last but not least: OS vendors! |
In this last paragraph, OpenBSD's style of <i>"dumbed-down, simplified |
In the last paragraph, OpenBSD's style of <i>"dumbed-down, simplified |
and secure systems (with a heavily audited code base)"</i> is described |
and secure systems (with a heavily audited code base)"</i> is described |
as <i>"one of the smartest approaches to security"</i>. |
as <i>"one of the smartest approaches to security"</i>. |
<p> |
<p> |