Announce:

Spanning Tree Algorithm and Protocols Family Weakness

Read



News:


-- 13 Apr 2004 --

We're surprised that this completely frozen project is still of interest to people: we've permitted Black Fox from Krasnogorsk to use our materials in his lectures for students at his request. Thank you for your respect to us, man. :) It was pretty nice to know that this project 'll help educate people.

Spring is coming.. some young brains become damaged. :) We've got an unpermitted translation into French w/ dirty comments on our license. That's funny, especially when published on a domain like "degenere-science.com" by a folk w/ email "decerebrain@degenere-science.com". :) Here people who know Russian may read what we think about such young hot-heads. =)

And as a comment on this I can say only this: in a country that is about to apply to citizens laws that cannot be unviolated (see here and there) - the only way left is to ignore all permissions - whatever they do is illegal anyway. The phrase from "1981", 'Big brother is watching you', step by step fits a "democracy" world. Now in France.. As you may already guess - with this law, reading our paper became illegal in France.


-- 20 Aug 2003 --

Well, at 1st, Phrack #61 is out & with our article. :) We're proud to see it there. =) Thanks for their interest in our project. Due to some conversion script bug, the 1st time it's out with some typos in the text - some chars kinda eaten.. So, people, please don't forget to ask about a review of the html right before it's out on the web. Fortunately, the editorial team answered our notes on this in a relatively reasonable time & currently we're waiting for a replacement with the bug-fixed version of our text. Anyway congrats to the Phrack team - the new mag release does look good anyway. :)

So, at the 2nd, this is our English paper (variants):
STP-article.en.4phrack.last.txt.bz2 - bzipped text, the last one that was sent to the Phrack editorial team - a special version for Phrack magazine. The HTML version is at the Phrack web, & we hope currently it's already typos-free. Enjoy. :)
STP-article.en.dvi - this is an alternate variant of our article in dvi format (compiled today).
STP-article.en.pdf - same as above in pdf format for those who enjoy reading this from their browser (note: w/ Linux kghostview is preferable to xpdf - some Linux distributions supply an xpdf that suffers from a lack of some fonts).
STP-article.en.LaTeX.tar.bz2 - the source of the above alternate versions in LaTeX format. For those who donno what's LaTeX & just for those lazy folks there're bash scripts for easy viewing/recompiling.

And the 3rd and the last of the news:
Our project is now completely closed. There're only a few chances that its files 'll be updated. Mebbe I'll put something new here, but when - who knows. Hopefully the information released here will help in replacing old insecure technologies with new, secure ones.

Enjoy the scene.

Good luck.





-- 4 Jul 2003 --

We've contacted the notorious 'Phrack' editorial team about our article.. seems they're interested, but the text should be a bit rewritten.. Generally after cutting & inserting stuff it differs enough (we think) to be another article on the subject. :) So we're still looking for a magazine that 'll publish our 1st English variant (noticing that, slightly rewritten, it should appear in 'Phrack' before).

Just for fun - here you may look at a scanned (& scaled to 350x480) 1st page of the part of IEEE 802.1d I printed for reading. Look how the paper is overused & burned by sunlight.. funny (I think) that it shows how much time I spent with this paper on the beach (it was summer holidays from work when I started reading this).


-- 24 May 2003 --

Our translation is finished. Generally it's now not a clear translation, but a retelling - updated & reviewed. We would be glad to hear any offers from English-speaking magazines that live outside of DMCA-alike laws coverage. That is, at least, magazines not under US jurisdiction. Please mail us: olli AT digger . org . ru ( AT = @ , also remove spaces. It's a simple spamblock.).

Now you may download just the code and the simplest sample script for managing it: stp.c (code only), test.sh (bash script) and the above with comments in a tgz archive: send.tgz (code, script & short comments in Russian), all these are separated from our paper for easier download.

-- 19 Apr 2003 --

We would finish translation of our article soon. If you're outside U$ and interested in our materials - please contact us about details.


-- 2 Apr 2003 --

Article translation continued.. slowly, but it's better than nothing. =)
Updated English links - added a link to browse the pdf 'on line' via your browser. See below.

-- 30 Mar 2003 --

Cisco seems to take care about STP vulns. My new employers bought a cisco 2950 & it has most of the STP aware extra restrictions available. Good. But they are DISABLED by default & STP by default is ON. =) & even with these restrictions there're problems - the protocol itself is not safe. =) But I'm pleased even with this little step to security. :)

-- 20 Mar 2003 --

Not a new thing, but if you didn't know yet =) - a few months ago we permitted a slightly reformatted (translated to HTML) copy of our materials at bugtraq.ru at www.bugtraq.ru/library/books/stp/index.html.
Thanks for their work - now you have the ability to look at our paper via your favorite browser.

Also I'd like to point out that bugtraq.ru & bugtraq at securityfocus.com are deeply different things. =) bugtraq.ru is (as I know) a free project that is not a subject of support of any company, & thus has no reason to apply any sort of "politically correct" filters to their postings.

Updated "last modified" field. :)) Previous was at Tue 08 May 2002 03:56:48 - so long. =))

-- 18 Mar 2003 --

Updated bugtraq notes (see below).

-- 17 Mar 2003 --

Due to lots of spam going to my email I've changed all announce materials to prevent getting emails from them w/o hand intervention: all announces are either bzipped or the emails inside were changed by inserting spaces.

-- 17 Mar 2003 --

Added my email exchange with one of the bugtraq maintainers. Look at the dates & compare the date when our project was released. =) These folks are as usually fast. ;-]

-- 12 Mar 2003 --

As you may have already found - the project was frozen for about 10 months.


Currently things are going as follows:
There is no English translation from us (though I've started & 've 2 pages in draft). Also no translations from other people (known to us) & hence no translations approved for public use. An enthusiastic man who was interested in helping us with translation also disappeared from our mail a few months ago (without any translated sentence =) ).
Since our 1st release Vladislav had no time for the project at all.
He said that in the near future he can't continue with it. Maybe he 'll return, at least I wish so.
I also had no time for the project till now. Anyway I'm planning to give it some more time, but can't say anything about its amount and ranges.


But the project is not closed yet:
1. We'll work on translation together, since it's our project.
2. I'm planning to renew some data, make the project look a bit more finished.


I'm not sure what I'd do after we 'll finish translation of our magazine article and I'll give the project a "stable" state.
Maybe it'll be possible to continue alone, mebbe I'll accept if someone on the net would like to help me with this? Please drop me a mail if you're interested in continuation of this project, also I'd like to know - are there any experienced enough people who would like to participate in further development. By "enough" I mean experienced with OSI layer 2, switching environment, also cryptography and C/C++ is a good plus, at least if Vlad's idea to write an RFC for a secure STP implementation 'll be implemented.


-- 08 May 2002 --
Full Russian paper is ready for reading. Anyway some changes to the paper 'll arrive this month, some license changes & also this page's design changes are pending. Currently the paper is available in dvi (bzip archive) & pdf (rar archive) formats. A bit later (after minor changes) we also 'll give you the source of these files - the LaTeX version.

If you would like to browse the pdf "online" via your browser - click here.


-- 19 Mar 2002 --
Our project was noted in the press: Network News (a bzipped text dump of the previous link is here and bzipped html is here).

We're planning to publish in Russian the full currently available materials (except some part of the code) during May-June 2002. At least the work on the "frozen" version is going to the end phase.. =)


> hey, whatever happened with the english paper?
Currently much more time is spent on preparing to publish the full Russian version (130Kb vs 30Kb). Also we're slowly translating our 30Kb article already published in paper (about 10% done). Such a speed is a pity to us, but we've lots of ordinary work & thus we're catching time for the paper only rarely. Also we were found by one enthusiast - he wishes to translate our work into English & has enough experience (at least he claims :) ). Well, he'll start w/ the full materials after I'll receive a formal agreement from him signed w/ his PGP key (mostly this is formal, since a key is not tied to a person, but anyway =) ). Hopefully the full Russian version 'll go this/next month. A short English version may appear somewhere inside next month.

----- END of NEWS section..

For backup reasons a tarred & bzipped copy of the "LAN" magazine electronic version of our article is available here. A link to our article at their site is here.


Notes:

PGP keys of the authors are available from public key servers & this site.

Also you may look at the text of the BUGTRAQ announce of this article here (or get its signed (and bzipped) version).

Also, if you still believe in BUGTRAQ & its hoster "security focus" as a good complete (huh!) source for security information - take care about the following facts complaining that BUGTRAQ list keepers FILTER information about vulnerabilities depending on their opinion about the other post information.

Also mind that americans are too worried about DMCA, or at least, about publishing our license. After we were contacted by CERT, we answered that we're ready to translate & give them details, but publishing our license as a part of reference to our project is a must. Well.. It's already a month after this & no new mails from CERT arrived. =)

Also you may look at my emails with one of the bugtraq maintainers. It's fun - these people are really fast there. =) Just click here.
The DMCA is a war on Education
Join us to Take back the Net!



Please note that our license does NOT permit simple mirroring of this project's materials (including the homepage). Currently the only places permitted to store an html version of our project materials:

1. The main project home page, i.e. http://olli.digger.org.ru/STP - here you 'll find all news & all old stuff.
2. Vladislav's home page, currently it's http://www.free-unices.org/~cybervlad/ - all permitted.
3. Russian LAN magazine - they're permitted to publish our article on paper & electronically on the net (link is below in old news).
4. The http://bugtraq.ru project - they are permitted to publish an html version (link is in old news) of the full research materials.
5. The Phrack magazine - they are permitted to print our translation/retelling of the LAN magazine article.

All other mirrors (even partial) are a dirty rip.
If you do mirror for personal use - please take care to disallow public access.


Last modified at Fri Jul 4 21:55:22 MSD 2003