lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <AANLkTinaTMnUzZc7Oqe-=3qx_642ffkZXgrmvGr5dsT=@mail.gmail.com>
Date: Sat, 15 Jan 2011 14:14:09 -0500
From: Dan Tulovsky <dant@...snow.com>
To: Григорий Братислава
	<musntlive@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, lists@...com.org
Subject: Re: Remedy for Getting Off is Patch

This may be a troll, but it reminds me of something a fellow sysadmin
said in a meeting once:

"Firewalls?  Who needs firewalls?  If you properly maintain your end
system, you don't need a firewall."

2011/1/14 Григорий Братислава <musntlive@...il.com>:
> Hello full disclosure!!!
>
>   I'd like to warn you about Patches.  As is everyone knows,  patches
> is are pieces of is software that software manufacturers is make to
> fix their is horrendous programs.  Is you not patch,  you is get
> owned.  Gone is under sixty seconds.
>
> As is say on Wikipedia  --  "A security patch is a change applied to
> an asset to correct the weakness described by a vulnerability.  This
> corrective action will prevent successful exploitation and remove or
> mitigate a threat’s capability to exploit a specific vulnerability in
> an asset.  Security patches are the primary method of fixing security
> vulnerabilities in software.  Currently Microsoft releases its
> security patches once a month, and other operating systems and
> software projects have security teams dedicated to releasing the most
> reliable software patches as soon after a vulnerability announcement
> as possible.  Security patches are closely tied to responsible
> disclosure."
>
>
>   As in say by musntlive  --  "A security patch is is a change
> applied is to an asset is to correct ignorance and stupidities of
> developers of is application because is their application is
> ownerizable.  This is corrective action and is nothing more than is
> bandaid to prevent temporary exploitation and is remove vulnerability
> for short amount of is time.  Security patches is only method of
> vendors like is Microsoft is to cover their осёл.  'Is we is Microsoft
> and is sure we make sloppy software.'  All software is beta присоска!
> And is you is stupid for buying is software.  Security patches is
> closely tied with sloppy coding and is rushing to market."
>
>  Is argue by Thor (who is musntlive respect) as is is arguement by
> Valdis (who is musntlive respect is усы) is Pete Herzog (who is
> musntlive respect) say:  'defense in depth'  --  "the more reason to
> implement an array of controls (defense in width) for the interactive
> points rather than rely on patches to fix ONLY the problems you know
> about."  Now is musntlive lay smack down on is everyone even is I
> respect all of you.
>
>  Is Pete you must understand is I pay $40,000.00 or give 10,000
> little сурок trade for software  -  I is expect software to is work
> how I want is work.  I is build my business on is this application so
> when is code is changed now I is has to maybe accept it yes or is not
> accept it.  Is I accept is change is software maybe break my system
> and is cost me money or possibly worse сурок!! Is who присоска
> now!!??!!??
>
>  Is patch no answer!!  Because is New Year musntlive offers everyone
> fair solution to is fix:  OpenBSD.  Now is when you have security
> issues since is your machine backdoored is you can ask Theo or the FBI
> to fix is your machine.
>
>
> Thank is you all for support in 2011
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ