lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <FCAD9F541A8E8A44881527A6792F892C293B3C@owa.eeye.com>
From: dcopley at eEye.com (Drew Copley)
Subject: (IE/SCOB) Switching Software Because of Bugs: Some Facts About Software and Security bugs

 

> -----Original Message-----
> From: Georgi Guninski [mailto:guninski@...inski.com] 
> Sent: Thursday, July 01, 2004 12:41 AM
> To: Drew Copley
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] (IE/SCOB) Switching Software 
> Because of Bugs: Some Facts About Software and Security bugs
> 
> your long post seems like an advanced FUD to me.

No, it comes from working in the software field... in development
and QA...

"Fear, uncertainity, and doubt"? I said nothing scary... should
not be scary to anyone... I surely said nothing which would
make anyone "doubt", and I surely said nothing to make
someone unsure -- so please do not falsely accuse me because
you *think* I said something.

If you have a problem with something I say, please point it
out. Otherwise, please do not slander me because you think
you have a problem with something I have said. It seems you
missed what I was saying and just skipped over everything.

I will be blunt and say, you must think I said something
positive about Microsoft and not positive about open source. So,
you are attacking me. However, I did not. 

So, please do not force me to waste my time to defend something
I did not even say, that is really annoying.


> 
> according to your reasoning there should be a lot of worms 
> and exploits for
> apache because of its market share. fact is ii$ is plagued by 
> worms and
> exploits though it has a small market share.

That is not my reasoning.

That is not what I said.

Yes, Apache is an example of a really good software product. It
has been really well tested. The last notable IIS bug, the
chunked encoding bug from last year... was later cut and
paste to test with Apache. It worked on Apache. Then, we tested
it on Netscape Enterprise. It worked there. We might assume,
therefore, since the same complicated bug was on each system
and one of these systems was open source that... the bug
came from Apache. But, so did the feature.

This bug was last Spring, though, late Spring. Yes, it was
found by us, as most IIS bugs have been. Not that I like
IIS...

These things said, it might be noted, the default landscape
of both Apache and now, Windows 2003 IIS, are both extremely
sparse. They do not have webdav or anything like this.

But, I am not sure why you are trying to put words in my
mouth... 

You test Linux. You use Linux. You used to test Windows. You
used to use Windows. I am sure you, no doubt, have serious
hatred of Microsoft. That is extremely obvious. But, you have
been attacked viciously by them in the press over and over
again. No offense... just telling the truth as I see it...


> 
> On Wed, Jun 30, 2004 at 01:55:17PM -0700, Drew Copley wrote:
> > There has been a great deal of talk about people
> > switching to Mozilla because of this recent Internet
> > Explorer issue. 
> >
> 
>  
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ