lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040108230140.X68130@aegir.asgardnet.org>
From: domino at asgardnet.org (Ciro)
Subject: Is the FBI using email Web bugs?

On Thu, 8 Jan 2004, bryce wrote:

> Date: Thu, 08 Jan 2004 19:44:44 -0800
> From: bryce <lord_ph@...cast.net>
> To: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Is the FBI using email Web bugs?
>
> Azerail wrote:
> > On Thu, 08 Jan 2004, Jonathan A. Zdziarski wrote:
> >
> >
> >>>Actually, my email client "mutt" makes me feel quite safe.  Is there
> >>>something I am overlooking?
> >>
> >>Lack of features != security
> >>
> >
> >
> > I'm sorry, you've just proved beyond a doubt that you don't know what
> > you are talking about.  Sorry to have to put it like that, but there
> > it is.
> >
> > Azerail
> >
>
> Ok Azerail, if you feel that Johnathan's statement is so incorrect as to
> be insulting, then prove him wrong. Share with us why you feel that LoF
> != security. Logically and statistically(sp)the more lines of code in a
> program, the greater the chance of a bug. And you can't add features to
> a program without adding code( if anyone has proven me wrong on this i
> would love to talk to you about it ;) ). Thus by adding features to a
> program you are adding in bugs(although we try otherwise).
>
> What is wrong with this logic???
>
> b.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Just to pipe in here, it looks like you have your attributions wrong.
Jonathan was the one that said Lack of features != security. Given the
subject matter being replied to (mutt) there are several things wrong
with that logic, not the least of which is what you already pointed out:

Feature++ = bloat = bugs++. In the interest of fairness, this is shown
on the mutt.org bugs page too. Mutt has many features, and lots of bugs.
Yet it's still considered safer than OE by many because of the NATURE of
those features. Many (myself included) consider rendering HTML mail a
"bug" and not a feature.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ