Email or username:

Password:

Forgot your password?
Jan Wildeboer 😷:krulorange:'s posts Post Back to profile
Top-level
Tony Hoyle

@jwildeboer That's awful. What possessed them to hold onto it for that long.. then release at christmas?

24 Dec 2023 at 22:15 | Wall-to-wall | Open on toot.hoyle.me.uk
4 comments
Marvin W

@tony @jwildeboer
To quote from their website:
> "As our research was accepted at this year's 37C3 conference (info received on 3rd December) and we still thought that Cisco users should be warned about the vulnerable default configuration, we decided to publish our research before the conference and holidays in order to provide administrators time to re-configure their Cisco configuration."

sec-consult.com/blog/detail/sm

@tony @jwildeboer
To quote from their website:
> "As our research was accepted at this year's 37C3 conference (info received on 3rd December) and we still thought that Cisco users should be warned about the vulnerable default configuration, we decided to publish our research before the conference and holidays in order to provide administrators time to re-configure their Cisco configuration."

25 Dec 2023 at 10:43 | Open on mastodon.social
Tony Hoyle

@larma
That's not even an excuse. So you chose to favour one vendor, and left the rest of the world in the shit.. for internet points?

Enjoy your 30 seconds of fame.
@jwildeboer

25 Dec 2023 at 10:54 | Open on toot.hoyle.me.uk
Jan Wildeboer 😷:krulorange:

@larma @tony Only mentions Cisco, so shows me they weren’t aware of the wider impact and the coding needed for at least 3 widely used MTAs.

25 Dec 2023 at 11:29 | Open on social.wildeboer.net
Marvin W

@jwildeboer @tony well, another quote from their website is:
> "After testing some popular e-mail software in their default configuration, it turned out that Postfix and Sendmail fulfil the requirements, are affected and can be smuggled to. Speaking globally, this is a lot"
So yes, they were aware of the impact.

25 Dec 2023 at 11:42 | Open on mastodon.social
Go Up