Open Source and information security mailing list archives
 
Message-ID: <200407020142.i621gDU19250@pop-6.dnv.wideopenwest.com>
From: mvp at joeware.net (joe)
Subject: Web sites compromised by IIS attack

> List me 5 other products where is it assumed and 
> accepted that the purchased products has flaws.

I'll let you list them. List five products that regularly have an add-on
sale of extended warranties. If you don't feel there would be a failure, you
wouldn't buy an extended warranty. A long time ago in a galaxy far far away
I used to sell Electronics, Computers, White Goods, Cars, etc. Extended
Warranties are pretty commonplace to buy. If customers felt there were no
flaws, they wouldn't be buying them. 


If you actually got your wish on the manufacturer has to touch the product
physically I think you would see many things... I don't think you want any
of them. 

1. Warranty lifetime would reduce to 1 year or less, probably 90 days, that
is a pretty common electronics type warranty. Seven day exchange with
receipt. 

2. You would have very specific hardware guidelines on what could be
installed on the machine in order for you to run the OS or program. That
hardware would have to be installed at the factory dealer.

3. You would BRING the product into where you purchased it or to a local
service center and LEAVE IT, if that service center was not near you, you
would ship the product properly to that service center. Don't think of this
just for your OS, what about every program on the computer. If you installed
10-15-30 things, you could spend a lot of time at UPS. 

4. You would lose all control of updates and such that were applied once you
brought it in or mailed it in. If the SP from the OS broke 14 of your other
apps because they weren't properly using the OS (say taking advantage of a
security hole) you now have 14 other apps to go get straightened out... UPS
frequent shipper here you come...

5. Costs would go up substantially. Support is one of the most expensive
pieces of any company that deals with the public.

6. You may not be allowed to install additional software without voiding
your warranty. In fact, yet again, off you go to the factory dealer to get
ANY software installed at all. 

7. You would probably put out of business hundreds if not thousands of
software companies that couldn't handle this support model including tons of
open source companies that you personally like. 

8. New products would come out much slower and advances in the art would go
much slower as companies would be afraid of the costs of putting something
out that wasn't pretty darn perfect. Note that perfect is impossible so it
could be 8-10-12 years before you see that new version of the game you like.
Additionally, the art would be artificially slowed down just so you were
always running on known good hardware and software. Look at how many banks
and financial institutions still run OS/2 software on old IBM OPT series
computers.... Why? Because it is a known good for their application. 



> That burden of fixing the flawed product is now on the consumer, not the
> producer.

This statement is blatantly incorrect. Are you recoding the broken pieces?
Nope. You are installing the fix. Just like if your Gateway PC blew a
hard drive you would be installing the new hard drive Gateway shipped you. Be
happy Gateway allows you to do that, they could say you have to ship it to
them. 



There is no such thing as perfect software. There is no such thing as
perfect anything. Everything has some sort of flaws. Whether any given flaw
impacts you or not is another story. Anything made in any volume has a given
percentage that is expected to be bad. This is why you can expect to
occasionally have bugs in your food and issues in your electronics and bugs
in your software. It is a fact of life. The more you are willing to pay,
generally the better quality you will get. Look at NASA, go find out how
much they paid for the OS and system boards for the Mars rovers. How long
did they expect them to last? Contrast that with what you spent and the
useful life you are expecting. You want to look at cars, look at the
Rolls-Royce, the Bentley, the Aston. What do they cost in relation to your
Chevy or Ford or Honda? You very rarely hear about Rolls-Royce recalls...
They must be perfect, especially with how much you pay... Ummm nope.



  joe




-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Frank Knobbe
Sent: Thursday, July 01, 2004 11:24 AM
To: Denis Dimick
Cc: FULL-DISCLOSURE@...ts.netsys.com
Subject: Re: [Full-Disclosure] Web sites compromised by IIS attack


<Various snippages to chop this down...>


List me 5 other products where is it assumed and accepted that the purchased
products has flaws.

That burden of fixing the flawed product is now on the consumer, not the
producer. That's what's wrong. The producer should fix the problem, not you.




