lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.21.0702141854150.5728-100000@linuxbox.org>
Date: Wed, 14 Feb 2007 18:55:24 -0600 (CST)
From: Gadi Evron <ge@...uxbox.org>
To: "Roger A. Grimes" <roger@...neretcs.com>
Cc: bugtraq@...urityfocus.com
Subject: RE: Re[2]: Solaris telnet vulnberability - how many on your network?

On Wed, 14 Feb 2007, Roger A. Grimes wrote:
> Spectulation over whether Microsoft, Sun, or any other vendor
> intentionally put in backdoors just makes our industry seem
> unprofessional. The likelihood that either vendor did is near zero.

Although we ruled this out with Sun's full disclosure (almost completely,
never say 100% in security), no one was accusing Sun.

This is a very important issue: a backdoor does not need to be put there
by the builder.

Example: Linux kernel and two lines of code.

	Gadi.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ