[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Microsoft takes 7 years to 'solve' a problem?!
From:       "Elazar Broad" <elazar () hushmail ! com>
Date:       2008-11-28 19:06:48
Message-ID: 20081128190649.9B6D128040 () smtp ! hushmail ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dan has been an exception to just about every rule, including the
"you should take me seriously" rule. Not that this is a good thing,
the guy is brilliant...

On Wed, 26 Nov 2008 14:40:42 -0500 Paul Schmehl
<pschmehl_lists@tx.rr.com> wrote:
>--On November 26, 2008 1:59:27 AM -0600 Elazar Broad
><elazar@hushmail.com>
>wrote:
>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Um, NTLM isn't the only 20 or so year old protocol to take the
>rap
>> recently, I can think of a low numbered rfc, lets say 1034 and
>> 1035. Hindsight is 20/20, and 20 years ago, who would have
>thought
>> that a 16 bit number was way too small for DNS transaction id,
>the
>> same "who would have though" goes for NTLM and the rest. Lets
>face
>> it, protocol design bugs suck, and to completely replace a
>widely
>> used protocol ranks pretty high in the PiTA hall of fame...
>>
>
>In that particular case Dan Bernstein not only *did* think about
>it but
>actually did something about it.  It's just that no one else was
>listening.
>
>Paul Schmehl, If it isn't already
>obvious, my opinions are my own
>and not those of my employer.
>******************************************
>WARNING: Check the headers before replying
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQECAAYFAkkwQUkACgkQi04xwClgpZiDIQP9FlPRrcxmuee/EiJFAAYZrAeTKvqj
Lze+xlyTfWickh0JaczRYfNnho5MWAiie+jF5QjcXPJTch64hWvxm8PzjRbIqcnGGbMa
dtvUk7PF7hELryWHy8CRu/WGHq5ejD3CFegdnX9HpbKD8zBXmuJdtNpSc0wwGvGcxe9z
XBCqXx4=
=w/u9
-----END PGP SIGNATURE-----

--
Click here to choose from a huge selection of the billiard accessories you need.
http://tagline.hushmail.com/fc/PnY6qxubm7YZMMzPW1eIA3ZOBhrMWDmFw8sLmh0HJftgy2H1YOYys/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic