lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <C4C3BD00-B381-11D6-B2CD-000393779ABA@sackheads.org>
From: cerebus at sackheads.org (Timothy J.Miller)
Subject: Shiver me timbers.

On Monday, August 19, 2002, at 08:30 AM, aliver@...il.com wrote:

> 	Perhaps. However, the analogy may not be apt.

Actually, it's more apt than you think.

> 	Secondly, in your analogy the person who points out that the gas
> tank tends to explode is a person who found that out from a coincidental
> experience, and without any effort or foreknowledge of his own. Ask
> yourself if this parallels our situation. Vulnerabilities are not
> something that often manifest themselves to people with no technical
> knowledge who aren't looking for them. A person with experience and
> specific ability is almost always the one to find them. That person, or
> someone like him must use that knowledge to create an exploit, and 
> that's
> not something that just anyone can do. It takes both skill, and effort.

Auto mechanics find engineering and manufacturing defects in automobiles 
all the time.  They also, on the whole, report them to the auto 
manufacturer *as well as* their customers, even though it could be 
argued that it is in their best interest to keep it to themselves (thus 
insuring repeat business).

-- Cerebus


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ