lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070215150700.10805.qmail@securityfocus.com>
Date: 15 Feb 2007 15:07:00 -0000
From: thefinn12345@...il.com
To: bugtraq@...urityfocus.com
Subject: Re: Re: Solaris telnet vulnberability - how many on your network?

On Tue, 13 Feb 2007, Gadi Evron wrote:

>> We all agree it is not a very likely possibility, but I wouldn't rule it
>> out completely just yet until more information from Sun becomes
>> available.

>What more information do you need? You have an >advisory, access to the
>source code, access to the change that resolved >the problem and
>patient conversations with a very patient Casper >Dik.

>The onus is on you to demonstrate how this could >be a backdoor.
>Otherwise you are asking Sun to prove a negative.

>IMO fixing security bugs at short notice is >painful enough without
>people like yourself and Steve Gibson casting >assertions of malice.

The price of freedom is eternal vigilance.

Assertions of malice are a good thing. Keeps people on their toes and thinking about it.

There have also been too many times in the past when they have been proven correct to ignore the possibility any longer.

TheFinn.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ