Email or username:

Password:

Forgot your password?
Top-level
Tony Hoyle

@jwildeboer That's awful. What possessed them to hold onto it for that long.. then release at christmas?

4 comments
Marvin W

@tony @jwildeboer
To quote from their website:
> "As our research was accepted at this year's 37C3 conference (info received on 3rd December) and we still thought that Cisco users should be warned about the vulnerable default configuration, we decided to publish our research before the conference and holidays in order to provide administrators time to re-configure their Cisco configuration."

sec-consult.com/blog/detail/sm

@tony @jwildeboer
To quote from their website:
> "As our research was accepted at this year's 37C3 conference (info received on 3rd December) and we still thought that Cisco users should be warned about the vulnerable default configuration, we decided to publish our research before the conference and holidays in order to provide administrators time to re-configure their Cisco configuration."

Tony Hoyle

@larma
That's not even an excuse. So you chose to favour one vendor, and left the rest of the world in the shit.. for internet points?

Enjoy your 30 seconds of fame.
@jwildeboer

Jan Wildeboer 😷:krulorange:

@larma @tony Only mentions Cisco, so shows me they weren’t aware of the wider impact and the coding needed for at least 3 widely used MTAs.

Marvin W

@jwildeboer @tony well, another quote from their website is:
> "After testing some popular e-mail software in their default configuration, it turned out that Postfix and Sendmail fulfil the requirements, are affected and can be smuggled to. Speaking globally, this is a lot"
So yes, they were aware of the impact.

Go Up