Open Source and information security mailing list archives
 
Date: Thu, 01 Jul 2004 19:26:00 +0100
From: "Robin Landis" <rebl@...ramail.com>
To: dcopley@...e.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com,
   ntbugtraq@...tserv.ntbugtraq.com
Subject: (no subject)


-> The very same people are finding these big bugs. It is not like there are a whole ton of unexperienced people finding these bugs. These are the best. They are experts at finding them. They may not always be cognizant of this themselves, the act of finding them may not seem difficult to them, but it is -- and this is clearly shown by the fact that the same people keep finding these bugs.

I contend that the fact that the very same people are reporting bugs does not mean that they are the only ones finding them.  Nor does it mean that only an expert might find them.  Nor does it mean that all experts would be inclined to report them.

Using any operating system that is 1) not obsessed with backward compatibility to the point that old vulnerabilities are retained forever, and 2) does not force users and servers alike to run unnecessary applications, and 3) is deployed by a company that manages its software development lifecycle in a manner that ensures all the various programmers are applying security patches to all the various versions under development, would be a big improvement.  Microsoft might someday become such a company....XP SP2 being a start.

And then you could look at how IE handles security zones...
Whether the new search tool will be another "built-in"...

Robin