[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200310212143.h9LLhr3q057891@mailserver3.hushmail.com>
From: randomusername at hushmail.com (Generated by a PseudoRandom Number Generator)
Subject: No Subject (re: openssh exploit code?)
On <somedate> Montana said...
>I agree with Mitch. Lets say you get an advisory that
>a severe thunderstorm may be coming your way. Do you
>wait until the wind and rain are blowing inside your
>house to close the windows and doors.
<snip>
This is one of the silliest analogies I have ever heard. If you are seriously
suggesting that Mitch (or anyone on full-disclosure, bugtraq, etc) is
the equivalent of the <Insert local/national weather service>, you are
crazy.
If you insist on having an analogous situation, pretend you live in a
town with 10,000 old guys all sitting on porch rocking chairs, and every
day, a couple of them yell that the storm of the century is coming. Some
times, they overhear one-and-other, and the cries of "Storm, Storm" get
louder. How can you tell who to believe, maybe one old guy has a doppler
radar in his outhouse, all of a sudden, he should be believed, but if
he doesn't tell you why he thinks a storm is a brewin', you're going
to spend every day cowering in your house, afraid. Really I think that's
the point, and the value of full-disclosure to the community, you don't
have to trust some old guy with a trick knee, you can judge for yourself
whether something is possible. (Note: when I say "full-disclosure, I
am not advocating publishing all exploit details, but the information
that was presented by lcamtuf certainly went a whole lot further to disclosing
one possible exploitation path, and allowed people to better assess the
risk and then allow them to judge the importance of this patch, over,
say, the Microsoft Exchange patch. )
And btw, this is one of silliest, most annoying, on-charter discussions
I have ever seen on this list. (actually, it's one of the few on-charter
discussions that I have ever seen on the list), I can't believe I contributed
to it.
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
Powered by blists - more mailing lists