Re: [Postfixadmin-devel] Security advisory for Postfixadmin
From: Sebastian S. <seb...@vi...> - 2010-08-23 12:01:52
Hi David,

On Aug 23, 2010, at 12:52 PM, David Goodwin wrote:

> I understand it's technically a vulnerability, but it's not new -
> similar vulnerabilities have been encountered before in other web
> applications - I'd argue that e.g. Facebook's recent bug whereby it's
> possible to discover if an email address is valid (well - known to
> facebook as a login) and get someone's full name out of it is more
> concerning.

Indeed, "side channel" vulnerabilities are well known, but I have developed a new method that detects "hidden" side channels. The paper is really more about the formal implication for the detection and prevention of side channels, and less about the vulnerabilities themselves. Drop me a line off-list if anyone is interested in a copy of the paper as soon as it is published.

> Anyway, thank you for reporting it - Christian has fixed the problem it
> seems - and release 2.3.2 will be finding its way onto the internet
> shortly ... I've packaged up the .deb / .tar.gz and Christian will be
> pushing them and an .rpm to sourceforge shortly.
>
> Please feel free to continue prodding Postfixadmin, and we welcome all
> feedback and bug reports... and patches even more so!

I will. Keep up the good work!

Cheers,
Sebastian