| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200208011624.g71GOCe01182@lart.sdsc.edu>
From: tep at SDSC.EDU (Tom Perrine)
Subject: OT: Snosoft vs HP
>>>>> On Wed, 31 Jul 2002 23:56:38 -0400 (EDT), Jonathan Rickman <jonathan@...rps.net> said:
JR> On Wed, 31 Jul 2002, Jay D. Dyson wrote:
>> I've said it before and I'll say it again: it's about time those
>> of us in the security community started to cut the legs out from under
>> these corporate behemoths. They've been hammering us long enough with
>> these litigious abominations; it's about damned time we fired back.
JR> Amen brother. HP should receive no quarter from anyone in the community
JR> until they apologize, publicly. Discover, publish. Discover, publish.
JR> Simple as that. I think they chose to ignore the problem because they are
JR> dropping the product. Maybe it's just me, but I find that inexcusable. I'm
JR> just grateful that we have this list to discuss things openly.
This is not the first time that HP has been a specific target. Back in
1996-1997 (IIRC) there was a person or group (SOD?) vowing to release
one HP-UX bug each week, unless HP started cleaning up their act.
It was lots of exploits, lots of pretty crappy coding exposed.
Turns out that if you did a "find" on the HP-UX source code (which had
recently slipped out) for "strcpy()" calls, you would get some of the
modules in the order that matched the "HP bug of the week"
announcements.
--
Tom E. Perrine <tep@...C.EDU> | San Diego Supercomputer Center
http://www.sdsc.edu/~tep/ |
Powered by blists - more mailing lists