lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0310231558590.10050-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: [inbox] Re: RE: Linux (in)security

	[SNIP]


> > First, people can actually audit it for security (you think IBM
> > recommended Linux without going over every single line of code?)
>
> Yes.
>


To support this, take red-hat on the s390 platform;

red-hat pushes out the product, which IBM is the back channel support for.
I ask in the very first meeting with the red-hat sales-lizard;  Umm, there
was a vuln released today that affects the kernel, I see red-hat addressed
this on the i386 and ia64 as well as the ppc platforms, has it been
addressed on the s390, or can you just plain tell me we are not vuln?  To
which the red-had-lizard was clueless to the whole concept.  And it took
4-5 months for IBM to get from red-hat their 'updates' page for s390 rmp's
all of which were older then known issues/exploits.  Turns out IBM claims
to have been unaware that even though red-hat is chanrging for the
platform enterprise release, They have not devoted any backend resources
to keeping it current.  Tells me that also, IBM could not have conducted
an audit on what is mont maintained, let alone what was released.

And points to the fact that even though it's possible to play linux on the
IBM platforms, it's not really ready for prime time.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ