[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3E91E99E.8090305@thievco.com>
From: BlueBoar at thievco.com (Blue Boar)
Subject: U.S. military helps fund Calgary hacker with
$2.3 million
Pekka Savola wrote:
> That claim is certainly untrue.
>
> If you take a default install from 7 years back, you certainly have more
> remote holes, in services that have since been removed from the default
> install -- looking 7 years back from *current* default install, not
> default install *7 years back*.
I think that's what they're trying to claim. IIRC, the hole that got them
to change to the current "only one hole..." was one of the OpenSSH holes.
What other remote hole(s) were in the default install?
OpenBSD is supposed to be June 1, 1997, so I guess the 7 years is intended
to cover the entire life of OpenBSD?
(I am an OpenBSD fan in general, and I think they have a strong security
track record. I don't think the current claim under discussion is
particularly strong though... if you want to be sarcastic, my Apple ][,
C64, and MS-DOS machines have had 0 remote holes in the default installs
for 20-odd years, and I don't see that changing anytime soon.)
BB
Powered by blists - more mailing lists