Open Source and information security mailing list archives
Message-ID: <200306181344.26887.virtual_mage@earthlink.net>
From: virtual_mage at earthlink.net (Virtual_Mage)
Subject: Blowing up PC's and leaking CERT info

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Exactly why do they feel they have the right to destroy a person's PC for 
downloading music? Sounds like some nice lobbying maneuvers by our friends at 
the RIAA. I'm wondering if they ever bothered to realise that the majority of 
the truly revolutionary computer advances come from the public, not from the 
government or vendors? Putting this idea out there will just give people the 
idea to make it themselves (if someone hasn't already). Thus far no 
government developed technology in this area has gone undefeated or unfoiled 
by the so-called "hacking community". If anything, Mr. Hatch will probably 
find his own computer destroyed.

Putting that power into the hands of content owners is on the verge of 
insanity. I would have to agree with the notion of placing Mr. Hatch in a 
nice comfortable room with padded walls.

As far as the "issue" with leaking cert info, I don't see what the big deal 
is. The information gets released eventually anyway, and most people rarely 
patch their software in time anyway (I recently found a network which I know 
not to be a honeypot which has several computers using openssh versions prior 
to 2.3). It makes no difference if the vendors get the info before the 
public. The only way it'd make a difference would be if there was some way to 
mandate the installation of patches, in which the end user had no power to 
decline the patch. However, a system like that would probably have too many 
vulnerabilities in it alone, and leaves room for corporate and governmental 
tampering and spying.

Since the so-called "tragedy" of 9/11, everything's been turned sideways. 
Prior to that everything got released to the public (as far as we know 
anyway) at the same time everyone else saw it. Now it's about impossible to 
find real info on a vulnerability. Security Focus went from being a Mecca for 
security professionals to a site that gives only overly generalized 
information about vulnerabilities. Then again, I suppose that's the reason 
for this list.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+8Gy3cEwbocfqcbIRAlfYAJwIDRfuZC8iUMFnJfBTQJtw5KYNNQCghjc8
cqxUMP/vO0w2SJ2eyd++ibE=
=Qdex
-----END PGP SIGNATURE-----
