[Asterisk-Users] Asterisk Security vulnerability report
Tilghman Lesher
tilghman at mail.jeffandtilghman.com
Wed Sep 10 09:37:42 MST 2003
On Wednesday 10 September 2003 10:51 am, Olle E. Johansson wrote:
> Lubomir Christov wrote:
> > today I found this security report regarding Asterisk SIP
> > Security.
> >
> > http://www.securiteam.com/securitynews/5LP0720B5G.html
>
> Important information. Why a "silent" patch and no information to
> the mailing list? Security by obscurity :-(
Probably because Mark doesn't have time to realize that somebody
is going to publish a temporary vulnerability that he fixes in 5
minutes. When someone points out a bug in my own programs, I'll
go fix it, but I don't usually then publish a vulnerability page
describing the problem: it's a bug, I fixed it, what's next?
-Tilghman
More information about the asterisk-users
mailing list