lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4D34961A.6090903@isecom.org>
Date: Mon, 17 Jan 2011 20:18:50 +0100
From: Pete Herzog <lists@...com.org>
To: "Thor (Hammer of God)" <thor@...merofgod.com>
Cc: Zach C <fxchip@...il.com>,
	"Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Getting Off the Patch

> Fortunately this isn't the type of list where people would challenge your "large company"

Thanks, good to know. And I was 18 when I did the sting operations. 
You misread (again).

>
> Now, what I did there was insulting, confrontational, and a general shitty thing to do.

Expected. Nothing that I wouldn't put past you.

>
> But with this approach, you are asking us to do the exact same thing when we

This is a very limited point of view and you are inferring this.

> You cannot use the "if you don't like my driving then stay off the sidewalk" defense

Wow, you're still inferring a whole bunch of things there and even 
saying things I didn't say. You are so taking this all out of context.


> I chose that example specifically because it represented an unpatched environment

Sorry you were dissatisfied with the examples. I'll try harder for you 
next time.

> I didn't find it a challenge to read at all; it was quite easy.

Criticism noted.

>
> Your stating that "you think that op-controls can't protect where patches

Of course your argument is your opinion. One that can be surely backed 
by many stats from many companies making money off that particular 
model. And those stats also show it doesn't work consistently. Why not 
try something different? I am presenting a different model is all. 
Sorry you don't like it. It works for others that have tried.

>
> I have clearly stated that these controls should already be in place, and

I disagree. I think it's a shame that someone who has occasionally 
decent things to say can be so brainwashed to suggest patching must be 
done. Good luck with that.

> I'm glad I have operated with the parameters of your expectation.

I'm happy now that you're glad :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ