1 post • joined 1 Mar 2009
Second bug not just a forgery issue
"He would notice that forgery issues to *NOT* qualify for the security bounty. FAIL!"
Right, and for this reason, I don't think DJB will award the $1000 to Kevin Day. However, the bug that I pointed out is an actual exploitable bug in how djbdns builds DNS response packets, which I believe is covered by DJB's security guarantee. You can read my BugTraq posting for more details (linked within the article).
- Asteroids as powerful as NUCLEAR BOMBS strike Earth TWICE YEARLY
- Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
- Apple stuns world with rare SEVEN-way split: What does that mean?
- Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
- Sony Xperia Z2: 4K vid, great audio, waterproof ... Oh, and you can make a phone call