| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: exibar at thelair.com (Exibar) Subject: Gates: 'You don't need perfect code' for good security What an idiot.... Take the loveletter worm, when it was first released even if you had a 100% up to date AntiVirus software program, you would still get hit within the first 8 hours.... slammer, blaster, etc all the same thing. The took advantage of holes in the OPERATING SYSTEM!!!! Yes we have ways of updating our VirusSoftware that works very very well, McAfee has E-Policy Orchstrator, which I swear by. I'm not going to go on, but if Windows was as secure as Bill Gates and company says it is, why was blaster, slammer, codered etc even an issue? Exibar ----- Original Message ----- From: "Jeremiah Cornelius" <jeremiah@....net> To: <full-disclosure@...ts.netsys.com> Sent: Friday, October 31, 2003 1:32 PM Subject: [Full-Disclosure] Gates: 'You don't need perfect code' for good security > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > FLAME ON! > > http://www.itbusiness.ca/index.asp?theaction=61&sid=53897 > > "But there are two other techniques: one is called firewalling and the other > is called keeping the software up to date. None of these problems (viruses > and worms) happened to people who did either one of those things. If you had > your firewall set up the right way - and when I say firewall I include > scanning e-mail and scanning file transfer -- you wouldn't have had a > problem. But did we have the tools that made that easy and automatic and that > you could really audit that you had done it? No. Microsoft in particular and > the industry in general didn't have it." > > "The second is just the updating thing. Anybody who kept their software up to > date didn't run into any of those problems, because the fixes preceded the > exploit. Now the times between when the vulnerability was published and when > somebody has exploited it, those have been going down, but in every case at > this stage we've had the fix out before the exploit. So next is making it > easy to do the updating, not for general features but just for the very few > critical security things, and then reducing the size of those patches, and > reducing the frequency of the patches, which gets you back to the code > quality issues. We have to bring these things to bear, and the very dramatic > things that we can do in the short term have to do with the firewalls and the > updating infrastructure. " > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (GNU/Linux) > > iD8DBQE/oqq3Ji2cv3XsiSARAlkdAJ0aGkBViYkoE193iZycTmQZohzwbQCg1KDA > SjPLY1EEzamQCtIGKwJT1Vk= > =mIsY > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists