lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: zen-parse at gmx.net (zen-parse)
Subject: Netscape Problems.

On Tue, 26 Nov 2002, Georgi Guninski wrote:

> zen-parse wrote:
> 
> >
> > In case people haven't noticed yet, Open Source is not more secure.
> >
> 
> I disagree with this conclusion.
> 
> Can you please give more details how you concluded this based on your post.
> 
> In no particular order, here are some thoughts.
> 
> 1. You mention several mozilla bugs, most (all?) of which are fixed. Are you 
> aware of the amount of internet exploder bugs?

Not precisely, but one bug is all it takes to make a product insecure.
 
> 2. I can understand you are angry at Netscape, but please don't mix corporate 
> emotions with open source. From personal experience, several years ago, I 
> managed to cash all of the *reproducible exploits* bounty claims against 
> netscape products. Are you sure your claims are *reproducible exploits*?

Yes. Details have been supplied for all of them, when asked by netscape. 
If no further information was requested, I assumed it was reproducable. 

 
> 3. From the email headers of your post, I am inclined to think that you are 
> using *open source* email client and smtp server - probably linux.
> Am I wrong? If not, why have you chosen open source email solution and not 
> windoze, e.g.?

Yes. I am. I also use Windows XP. I originally used linux because of a 
hacker wargame, and now I use it because I like it. It only takes one bug 
though to make an insecure product.
 
> 4. How can one be sure there are no bugs in closed source involving magic 
> numbers like 536870912 (from your post)?
> Can one tell if closed source is not backdoored?
> Do you trust m$'s tru$tworthy computing so much? Do you use it at all?

Would be nice, but nope I can't see hidden features.

Nope. No idea what features most of them have.

Not really, but I use it. (Never attribute to malice what can readily be
attributed to stupidity.)
 
-- zen-parse
 

-- 
-------------------------------------------------------------------------
1) If this message was posted to a public forum by zen-parse@....net, it 
may be redistributed without modification. 
2) In any other case the contents of this message is confidential and not 
to be distributed in any form without express permission from the author.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ