=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/Attic/press.html,v retrieving revision 1.468 retrieving revision 1.469 diff -c -r1.468 -r1.469 *** www/Attic/press.html 2005/07/07 16:18:45 1.468 --- www/Attic/press.html 2005/07/07 21:23:32 1.469 *************** *** 26,39 **** Jeremy Andrews writes about the recent Blind ICMP attacks discovered by Fernando Gont, and the fixes done by him and OpenBSD during the 2005 Hackathon. ! The article talks extensively about the technical background of the attacks, mentioning blind ICMP attacks, "hard" ICMP errors, source ! quenching, and path MTU discovery. ! Many helpful RFCs and technical papers are linked from the explanations. ! They are followed by a recall of the whole ICMP story, involving Gont's struggle with other free projects, Cisco lawyers, Microsoft people, and others.
! The article comes to the conclusion that OpenBSD was the first project to take Fernando Gont's findings seriously, and also the first group to be really painless to work with.

--- 26,39 ---- Jeremy Andrews writes about the recent Blind ICMP attacks discovered by Fernando Gont, and the fixes done by him and OpenBSD during the 2005 Hackathon. ! The article goes into the technical background of the attacks, mentioning blind ICMP attacks, "hard" ICMP errors, source ! quenching, and path MTU discovery; ! many helpful RFCs and technical papers are linked from the explanations. ! This is followed by a recap of the whole ICMP story, involving Gont's struggle with other free projects, Cisco lawyers, Microsoft people, and others.
! The article concludes that OpenBSD was the first project to take Fernando Gont's findings seriously, and also the first group to be really painless to work with.

*************** *** 77,90 **** issue June 25, 2005
This article looks at computer crime, especially the way upcoming vulnerability reports are dealt with. It also gives a short overview of the ! different institutions involved in the process (vendors, free projects, CERTs).
The author mentions the work of Andy Ozment, who researches vulnerability disclosure at the University of Cambridge. Using OpenBSD as a good example of how disclosure and consequent fixing of bugs helps to strengthen security, he refutes the widely spread FUD that disclosing vulnerabilities leads to more harm than good. Ozment's methodology was to examine OpenBSD's CVS logs ! and noting when fixes were published; his research shows that "the number of vulnerabilities decreases as a result of disclosure".

--- 77,90 ---- issue June 25, 2005
This article looks at computer crime, especially the way upcoming vulnerability reports are dealt with. It also gives a short overview of the ! institutions involved in the process (vendors, free projects, CERTs).
The author mentions the work of Andy Ozment, who researches vulnerability disclosure at the University of Cambridge. Using OpenBSD as a good example of how disclosure and consequent fixing of bugs helps to strengthen security, he refutes the widely spread FUD that disclosing vulnerabilities leads to more harm than good. Ozment's methodology was to examine OpenBSD's CVS logs ! and note when fixes were published; his research shows that "the number of vulnerabilities decreases as a result of disclosure".

*************** *** 4866,4872 ****


OpenBSD www@openbsd.org !
$OpenBSD: press.html,v 1.468 2005/07/07 16:18:45 grunk Exp $ --- 4866,4872 ----
OpenBSD www@openbsd.org !
$OpenBSD: press.html,v 1.469 2005/07/07 21:23:32 ian Exp $
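Review bot: in the hunk at lines 26-39, the reworded sentence still says the article about "the recent Blind ICMP attacks" goes into the background of the attacks "mentioning blind ICMP attacks", which is redundant, and the capitalisation differs between the unchanged context line and the changed line. Since this sentence is being rewritten anyway, drop the repeated item from the list (leaving "hard" ICMP errors, source quenching, and path MTU discovery) and pick one capitalisation of "blind ICMP attacks" for the paragraph. Joining the RFC sentence on with a semicolon also makes one long sentence; the original full stop read more easily.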
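Review bot: in the hunk at lines 77-90, the same paragraph that gets the "noting" to "note" fix keeps "disclosure and consequent fixing of bugs helps to strengthen security", where the compound subject calls for "help", and "widely spread FUD", which would read better as "widespread FUD". Both sit in the unchanged context lines directly above the corrected line, so they could go into this same revision.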