lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20030919125255.GB1385@trusteddebian.org>
From: peter at trusteddebian.org (Peter Busser)
Subject: openssh remote exploit

Hi!

> Really ?  I think you'll find that there are quite a number of people,
> aside from myself, who think that the "1 exploit in X years" is on one
> end of it as misleading and the other end, a lie, excluding this current
> openssh problem.

It's a statistic. 'nuf said.

> Some people, like you, believe openbsd/openssh is the best software
> that exists today. Others don't and I'm sure there are examples and
> counter examples to prove either side.  My only advice is try not to
> take criticism of it personally.

Q. What is the difference between a used car sales person and a computer sales
   person?
A. The used car sales person knows when he is lieing.

Decades of research on computer security have not provided any proof for the
believe that you can turn an insecure operating system (like UNIX) into a
highly secure system.

It is like transforming a family car into an F1 racing car by putting an F1
motor in and attaching spoilers. Somehow I don't think such a car will win any
race.

Yet in the IT security field, a number of people claim that it is possible and
that you can win every race too.

Groetjee,
Peter Busser
-- 
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ