[olug] Fw: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE

Brian Roberson brian at bstc.net
Fri Feb 9 02:33:18 UTC 2001


I just had to pass this one on to the list, This ACTUALLY came from the
freebsd-announce list processor.... go figure


----- Original Message -----
From: "FreeBSD Security Advisories" <security-advisories at FreeBSD.ORG>
To: <freebsd-announce at freebsd.org>
Sent: Thursday, February 08, 2001 2:14 PM
Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE


>
============================================================================
=
> FreeBSD-SA-01:INSERT_NUMBER_HERE                            Security
Advisory
>                                                                 FreeBSD,
Inc.
>
> Topic:          FreeBSD on record to set most advisory releases for
> year 2001
>
> Category:       All
> Announced:      2001-02-07
> Credits:        sil at loopback.antioffline.com http://www.antioffline.com
> Vendor status:  Developers sleeping right now
> FreeBSD only:   Yes
>
> I.   Background
>
> FreeBSD is the most robust chopperating sysdumb in the world and we
> mean it. Our TCP stack will kick your TCP stacks hynee. Currently we
> are releasing an advisory every 1.95 days which means we are bound
> to surpass Microsoft.
>
> II.  Problem Description
>
> We normally do not assess security when creating the ports distribution
> often allowing anyone to build any program we decide to run in the ports
> directory. Recently we have noticed that we can no longer fool users
> into thinking because we provide checksumming for the programs, that
> they will be secure.
>
> Unlinke other operating systems and the developers of them who audit
> their ports, we feel it is not our problem if someone accessess your
> system because we're too lazy to do things right the first time.
>
>
> III. Impact
>
> Obviously anyone can end up control your machine or worse.
>
> IV.  Workaround
>
> We will not be mentioning the ultra secure OpenBSD operating system
> since we feel it is not our problem and does not help to promote a
> better OS than our own.
>
> V.   Solution
>
> One of the following:
>
> 1) Rub a magic lamp and wait for the security genie to fix it.
>
> 2) Download NSA Linux so you too can have miniscule backdoors in it
>    which you won't see.
>
> 3) Pray to the hacker god Kevin Mitnick for assistance.
>
> 4) Install a more secure O(penBSD)S
>
> NOTE: FreeBSD developers are now red faced
>
> VI. Shouts
>
> Hard Lee Strange
> Mike Hunt
> Ivana Swallows
> Mike Hock
> Dick Famous
> Kathie Lee Gifford
>
>
>
> This is the moderated mailing list freebsd-announce.
> The list contains announcements of new FreeBSD capabilities,
> important events and project milestones.
> See also the FreeBSD Web pages at http://www.freebsd.org
>
>
> To Unsubscribe: send mail to majordomo at FreeBSD.org
> with "unsubscribe freebsd-announce" in the body of the message
>


---------------------------------------------------------------------
To unsubscribe, e-mail: olug-unsubscribe at bstc.net
For additional commands, e-mail: olug-help at bstc.net



More information about the OLUG mailing list