UK govt not completely tech idiots after all
Posted Nov 21, 2008 17:43 UTC (Fri) by Tet
In reply to: UK govt not completely tech idiots after all
Parent article: SSH plaintext recovery vulnerability
there exists a UK government run agency for protecting infrastructure that seems to actually have a clue.
From the OpenSSH security advisory:
Unfortunately, due to the report lacking any detailed technical
description of the attack and CPNI's unwillingness to share necessary
information, we are unable to properly assess its impact.
Not telling the world at large the intimate details of the vulnerability is one thing, but not sharing them with those who wrote the code and would like to fix it? Bizarre. I think I'd only go as far as them having half a clue.
to post comments)