Re: [Openpacket-devel] OpenPacket.org RC1
From: James P. <jp...@gm...> - 2008-01-08 16:02:41
On the other hand, you could get pcaps of the vulnerability :-)

I wouldn't mind running a host with a corerestore card that could run the stuff in batches :/

On Jan 8, 2008 8:41 AM, Richard Bejtlich <tao...@gm...> wrote:
> On Jan 8, 2008 10:31 AM, Jeremy Stretch <st...@pa...> wrote:
> > First off, let me congratulate the Openpacket team on this milestone!
> > I've enjoyed watching the site progress and mature over the past few
> > months. Openpacket is sure to enjoy success when it finally goes public.
> >
> > I did stumble across a few minor areas which could use fixing up:
> >
> > - The link to a user's profile from a forum's thread list is wrong. For
> > example, on http://beta.openpacket.org:8080/forum/show/3, from what I
> > can tell
> > http://beta.openpacket.org:8080/profile/showpublicprofile?userid=stretch
> > should be
> > http://beta.openpacket.org:8080/profile/public_profile?userid=stretch
> >
> > - On a forum thread's page, the user's info appears incorrectly. For
> > example, on http://beta.openpacket.org:8080/post/showthread/12, it lists
> > my (stretch's) location and post count as "9".
> >
> > - It would be nice to have a forum post preview feature.
> >
> > - I remember this was discussed a while back, but can't remember how it
> > ended; is there any plan to add a confidentiality disclaimer on the
> > upload page?
> >
> > - Might want to put a link to a capture's discussion thread (if any) on
> > the 'details' page.
> >
> > - It would be really neat if the tshark analysis was done automatically
> > on the server side, though I'm not sure how practical that would be.
> >
> > Just my $0.02. As always, keep up the great work! And don't hesitate to
> > ask the community for help.
> >
> > Stretch
> >
>
> Stretch,
>
> Thanks for all of your great feedback.
>
> I just wanted to make one note: I do not like the idea of letting the
> server provide Tshark output. From a user standpoint I really want
> it, but from a security standpoint I think it would be too big a
> vulnerability. There are too many protocol dissector vulnerabilities
> announced with each release of Wireshark. I'd rather let the user
> deal with it than provide an easy avenue to exploit our server.
>
> Sincerely,
>
> Richard

--
James Pleger
p: 623.298.7966
e: jp...@gm...