From: michael at bluesuperman.com (Michael Gale)
Subject: automated vulnerability testing

Ok -- I am by far NOT a programmer but I have been doing system
administration for some time for software companies. From my experience
it is the programmer not the language that makes a program what it is.

If the program is not secure or highly exploitable then that is a fault
of the programmer not the language.

Blaming C or C++ for not securing the code for you or providing you with
too much power is ridiculous.

That is like blaming a car manufacturer because your car has too much
horsepower and you were going too fast and hit a pole.

Programming is like driving - YOU are behind the wheel and in control.
If you cannot handle it try a 3 cylinder car and basic HTML :)

Michael.


On Mon, 1 Dec 2003 09:58:33 -0600 (CST)
Ron DuFresne <dufresne@...ternet.com> wrote:

> On Sun, 30 Nov 2003, Jonathan A. Zdziarski wrote:
> 
> >
> > > Aren't such measures -- especially the former -- simply crutches
> > > that effectively _encourage_ the continuation of poor (even
> > > downright negligent) programming practices?
> >
> > Only to the extent that TCP wrappers and firewalls are simply
> > crutches to effectively encourage the continuation of poor systems
> > administration.
> >
> >
> 
> Quite a flaw in logic there, I'm sure you meant;
> 
> Only to the extent that TCP wrappers and firewalls are simply crutches
> to effectively encourage the continuation of poor systems networking
> protocols that already exist.
> 
> 
> Being that the flaws are inherent to the network protocols in use.
> Admins have long known how to lock a system down, and keep it that
> way, remove all users and limit access and functionality.  That tends
> to make the system far less than useful.  But, the core issue lies
> with the networking protocols that are meant to make intersystem
> communications actually happen.  There was no security within their
> design, security was the lowest factor in the developers' minds at the
> time.  And of course a rewrite of all that code and then pushing that
> to the internet-citizenry at large would be fairly daunting eh?  Look
> how well the conversion from ssh1 to ssh2 has progressed...
> 
> 
> Thanks,
> 
> Ron DuFresne
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


