Message-ID: <81637804AB36A644BBDE3ED9DD4E73FDC66CF9@hermes.eCompany.gov>
Date: Wed, 31 Mar 2004 10:36:14 -0800
From: "Drew Copley" <dcopley@...e.com>
To: "Oliver Lavery" <oliver.lavery@...patico.ca>,
	<bugtraq@...urityfocus.com>
Cc: <LiuDieyuinchina@...oo.com.cn>
Subject: RE: Followup: vuln in WinBlox monitor for winnt


 

> -----Original Message-----
> From: Oliver Lavery [mailto:oliver.lavery@...patico.ca] 
> Sent: Tuesday, March 30, 2004 1:11 PM
> To: bugtraq@...urityfocus.com
> Subject: Followup: vuln in WinBlox monitor for winnt

<snip>
> 
> 	That's it. No pissing competition. Liu's onto something very good
> here, but as anyone who installs MS patches will tell ya, you've got to see
> the full implications of a fix before you choose to apply it. Until this
> thing gets rewritten properly, and follows even the most basic principles of
> secure coding, it'll cause more problems than it fixes, in my opinion.
> 
> 	I firmly believe that these sorts of tricks have tonnes of potential
> and are going to become even more common in the future of the "so called
> security community" tho' ;)

<snip>

Honestly, most [95%+-] "beta" or "alpha" programs do "cause more
problems than they fix". 

Liu Die Yu is relatively new at development, but he is relatively new at
finding bugs -- and he has succeeded substantially at that. I do not
doubt that he will succeed substantially at this. 

And, all of this is yet another great reason to immediately put code
opensource at an excellent hosting spot like sourceforge... even from
the design phase, but especially from the alpha release stage.

Then you have the ability to have others to help out... and you have
such neat, modern resources such as bug databases and submission forms. 

I do not think Liu Die Yu will take half a year or more to fix his bugs.





