On Wed, 24 Sep 2003, der Mouse wrote:

> > Bad, verisign. Very bad.
>
> Well, yes, but we knew _that_ from the day the wildcard went in.

The concerns expressed thus far are just the canonical tip of the iceberg, considering the services running on sitefinder-idn.verisign.com.

    PORT     STATE     SERVICE
    23/tcp   filtered  telnet
    25/tcp   open      smtp
    79/tcp   filtered  finger
    80/tcp   open      http
    161/tcp  filtered  snmp
    162/tcp  filtered  snmptrap
    514/tcp  filtered  shell

Imagine how much fun one could have if, say, port 23 was suddenly unfiltered; or if port 22 were opened; or if Verisign got really tricky and opened up port 443 with a specially-crafted "wildcard" SSL certificate implementation (maybe a stretch...but Verisign *is* a CA, no?).

The system as it presently functions is already ripe for abuse. There is no question of that. But imagine the quantity and quality of abuse that will occur when (not if) the system residing on 64.94.110.11 gets 0wn3d by someone who answers to no-one.

I think now would be a good time to null route all traffic to and from 64.94.110.0/24 until Verisign grows a conscience and terminates this abomination.

-Jay

"There's always time for a good cup of coffee"
Jay D. Dyson -- jdyson@treachery.net
Life is hard. Even harder if you're stupid.