Open Source and information security mailing list archives
Message-ID: <3E91E99E.8090305@thievco.com>
From: BlueBoar at thievco.com (Blue Boar)
Subject: U.S. military helps fund Calgary hacker with $2.3 million

Pekka Savola wrote:
> That claim is certainly untrue.
> 
> If you take a default install from 7 years back, you certainly have more
> remote holes, in services that have since been removed from the default
> install -- looking 7 years back from *current* default install, not
> default install *7 years back*.

I think that's what they're trying to claim.  IIRC, the hole that got them 
to change to the current "only one hole..." was one of the OpenSSH holes. 
What other remote hole(s) were in the default install?

OpenBSD is supposed to be June 1, 1997, so I guess the 7 years is intended 
to cover the entire life of OpenBSD?

(I am an OpenBSD fan in general, and I think they have a strong security 
track record.  I don't think the current claim under discussion is 
particularly strong though... if you want to be sarcastic, my Apple ][, 
C64, and MS-DOS machines have had 0 remote holes in the default installs 
for 20-odd years, and I don't see that changing anytime soon.)

						BB

