===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/Attic/press.html,v
retrieving revision 1.468
retrieving revision 1.469
diff -c -r1.468 -r1.469
*** www/Attic/press.html 2005/07/07 16:18:45 1.468
--- www/Attic/press.html 2005/07/07 21:23:32 1.469
***************
*** 26,39 ****
Jeremy Andrews writes about the recent Blind ICMP attacks discovered
by Fernando Gont, and the fixes done by him and OpenBSD during the
2005 Hackathon.
! The article talks extensively about the technical background of the
attacks, mentioning blind ICMP attacks, "hard" ICMP errors, source
! quenching, and path MTU discovery.
! Many helpful RFCs and technical papers are linked from the explanations.
! They are followed by a recall of the whole ICMP story, involving Gont's
struggle with other free projects, Cisco lawyers, Microsoft people,
and others.
! The article comes to the conclusion that OpenBSD was the first project
to take Fernando Gont's findings seriously, and also the first group to
be really painless to work with.
--- 26,39 ----
Jeremy Andrews writes about the recent Blind ICMP attacks discovered
by Fernando Gont, and the fixes done by him and OpenBSD during the
2005 Hackathon.
! The article goes into the technical background of the
attacks, mentioning blind ICMP attacks, "hard" ICMP errors, source
! quenching, and path MTU discovery;
! many helpful RFCs and technical papers are linked from the explanations.
! This is followed by a recap of the whole ICMP story, involving Gont's
struggle with other free projects, Cisco lawyers, Microsoft people,
and others.
! The article concludes that OpenBSD was the first project
to take Fernando Gont's findings seriously, and also the first group to
be really painless to work with.
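Review bot: In the new 26,39 text, the first changed sentence is circular: it says the article covers the technical background of "the attacks" by "mentioning blind ICMP attacks", which are the attacks themselves as named in the paragraph's opening line. Suggest dropping that item so the list reads: mentioning "hard" ICMP errors, source quenching, and path MTU discovery. After the new semicolon, "linked from the explanations" has no clear referent; "linked from the article" would be plainer. The closing sentence still switches from "the first project" to "the first group" for the same subject, so pick one.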
***************
*** 77,90 ****
issue June 25, 2005
This article looks at computer crime, especially the way upcoming
vulnerability reports are dealt with. It also gives a short overview of the
! different institutions involved in the process (vendors, free projects, CERTs).
The author mentions the work of Andy Ozment, who researches vulnerability
disclosure at the University of Cambridge. Using OpenBSD as a good example
of how disclosure and consequent fixing of bugs helps to strengthen security,
he refutes the widely spread FUD that disclosing vulnerabilities leads to
more harm than good. Ozment's methodology was to examine OpenBSD's CVS logs
! and noting when fixes were published; his research shows that
"the number of vulnerabilities decreases as a result of disclosure".
--- 77,90 ----
issue June 25, 2005
This article looks at computer crime, especially the way upcoming
vulnerability reports are dealt with. It also gives a short overview of the
! institutions involved in the process (vendors, free projects, CERTs).
The author mentions the work of Andy Ozment, who researches vulnerability
disclosure at the University of Cambridge. Using OpenBSD as a good example
of how disclosure and consequent fixing of bugs helps to strengthen security,
he refutes the widely spread FUD that disclosing vulnerabilities leads to
more harm than good. Ozment's methodology was to examine OpenBSD's CVS logs
! and note when fixes were published; his research shows that
"the number of vulnerabilities decreases as a result of disclosure".
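Review bot: The change to "and note when fixes were published" fixes the parallelism in the last sentence, but the unchanged sentence earlier in the same paragraph still has a subject-verb disagreement: "disclosure and consequent fixing of bugs helps" has a compound subject and should read "help". In that same sentence "he refutes" is ambiguous between the article's author and Ozment, so name the subject. Two smaller wording points in the context lines: "widely spread FUD" reads better as "widespread FUD", and "upcoming vulnerability reports" probably means "incoming".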
*************** *** 4866,4872 ****