Date: Fri, 13 Feb 2004 16:00:59 -0800
From: "Drew Copley" <dcopley@...e.com>
To: "Paul O'Malley" <schildt@....ie>
Cc: "Gadi Evron" <ge@...tistical.reprehensible.net>,
   <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com>
Subject: RE: RE: W2K source "leaked"?


 

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Paul O'Malley
> Sent: Friday, February 13, 2004 9:10 AM
> To: Drew Copley
> Cc: Gadi Evron; bugtraq@...urityfocus.com; 
> full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] RE: W2K source "leaked"?
> 
> Hi,
> 
> If you do work on or would like to work on Free Open Source Software
> code, do not expose yourself to this, it is dangerous.
> Simple if you ain't seen it you can't be influenced by it [1].
> You may have had opportunity but it was not your problem.
> RMS [2] was right in his essays.

I have worked for an open source company. It went belly up.

Not that the model could not have worked...

You remind me of a point, though...

Microsoft has claimed for quite some time that one of their big selling
points over Linux is the fact that their source code is closed. They
embraced the "security by obscurity" model to the exclusion of common
sense. This is unfortunate for them under these circumstances.

Let's dredge these articles up a bit... Oh, here's a good one:

Microsoft: Closed source is more secure
http://www.securityfocus.com/news/191

Quote:
Making source code public also increases the risk that attackers will
find a crucial security hole that reviewers missed, said Lipner. "That
argument sounds like an argument for 'security through obscurity,' and I
apologize. The facts are there." 

...

End of quote.

And, this is very interesting considering their current problem. Which
was totally a matter of time. I am surprised they did not provide a
better public stance for this. They are arguing that it doesn't matter
that their source is out there. 

Quote:

But Microsoft downplayed the security angle.

In its statement the company said the main concern is the potential
theft of its handiwork rather than the possible security threat that
such a leak might pose. 

"If a small section of Windows source code were to be available, it
would be a matter of intellectual property rights rather than security,"
Microsoft said. 

...

End of quote.

http://zdnet.com.com/2100-1104-5158496.html?tag=nl

> 
> Best regards,
> 
> Paul O'Malley
> 
> [1] a conspiracy theorist's dream / nightmare
> [2] Richard M.Stallman Free Software Freesociety: selected essays of
> and for those who still don't understand, use a search engine to find
> them on line :-).
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> 
