| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Jan 2011 20:22:21 -0500 From: Григорий Братислава <musntlive@...il.com> To: full-disclosure@...ts.grok.org.uk, thor@...merofgod.com, lists@...com.org Subject: Remedy for Getting Off is Patch Hello full disclosure!!! I'd like to warn you about Patches. As is everyone knows, patches is are pieces of is software that software manufacturers is make to fix their is horrendous programs. Is you not patch, you is get owned. Gone is under sixty seconds. As is say on Wikipedia -- "A security patch is a change applied to an asset to correct the weakness described by a vulnerability. This corrective action will prevent successful exploitation and remove or mitigate a threat’s capability to exploit a specific vulnerability in an asset. Security patches are the primary method of fixing security vulnerabilities in software. Currently Microsoft releases its security patches once a month, and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches as soon after a vulnerability announcement as possible. Security patches are closely tied to responsible disclosure." As in say by musntlive -- "A security patch is is a change applied is to an asset is to correct ignorance and stupidities of developers of is application because is their application is ownerizable. This is corrective action and is nothing more than is bandaid to prevent temporary exploitation and is remove vulnerability for short amount of is time. Security patches is only method of vendors like is Microsoft is to cover their осёл. 'Is we is Microsoft and is sure we make sloppy software.' All software is beta присоска! And is you is stupid for buying is software. Security patches is closely tied with sloppy coding and is rushing to market." Is argue by Thor (who is musntlive respect) as is is arguement by Valdis (who is musntlive respect is усы) is Pete Herzog (who is musntlive respect) say: 'defense in depth' -- "the more reason to implement an array of controls (defense in width) for the interactive points rather than rely on patches to fix ONLY the problems you know about." Now is musntlive lay smack down on is everyone even is I respect all of you. Is Pete you must understand is I pay $40,000.00 or give 10,000 little сурок trade for software - I is expect software to is work how I want is work. I is build my business on is this application so when is code is changed now I is has to maybe accept it yes or is not accept it. Is I accept is change is software maybe break my system and is cost me money or possibly worse сурок!! Is who присоска now!!??!!?? Is patch no answer!! Because is New Year musntlive offers everyone fair solution to is fix: OpenBSD. Now is when you have security issues since is your machine backdoored is you can ask Theo or the FBI to fix is your machine. Thank is you all for support in 2011 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists