| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: virtual_mage at earthlink.net (Virtual_Mage) Subject: Blowing up PC's and leaking CERT info -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Exactly why do they feel they have the right to destroy a person's PC for downloading music? Sounds like some nice lobbying manuevers by our friends at the RIAA. I'm wondering if they ever bothered to realise that the majority of the truly revolutionary computer advances come from the public, not from the government or vendors? Putting this idea out there will just give people the idea to make it themselves (if someone hasn't already). Thus far no government developed technology in this area has gone undefeated or unfoiled by the so called "hacking community". If anything, Mr. Hatch will probably find his own computer destroyed. Putting that power into the hands of content owners is on the verge of insanity. I would have to agree with the notion of placing Mr. Hatch in a nice comfortable room with padded walls. As far as the "issue" with leaking cert info, I don't see what the big deal is. The information gets released eventually anyway, and most people rarely patch their software in time anyway (I recently found a network which I know not to be a honeypot which has several computers using openssh versions prior to 2.3). It makes no difference if the vendors get the info before the public. The only way it'd make a difference would be if there was some way to mandate the installation of patches, in which the end user had no power to decline the patch. However, a system like that would probably have too many vuinerabilities in it alone, and leaves room for corporate and governmental tampering and spying. Since the so-called "tragedy" of 9/11, everything's been turned sideways. Prior to that everything got released to the public (as far as we know anyway) at the same time everyone else saw it. Now it's about impossible to find real info on a vulnerability. Security Focus went from being a Mecca for security professionals to a site that gives only overly generalized information about vulnerabilities. Then again, I suppose that's the reason for this list. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+8Gy3cEwbocfqcbIRAlfYAJwIDRfuZC8iUMFnJfBTQJtw5KYNNQCghjc8 cqxUMP/vO0w2SJ2eyd++ibE= =Qdex -----END PGP SIGNATURE-----
Powered by blists - more mailing lists