| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1303989524.2513.17.camel@hp> Date: Thu, 28 Apr 2011 14:18:44 +0300 From: Tõnu Samuel <tonu@....ee> To: Christian Sciberras <uuf6429@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Barracuda backdoor On Thu, 2011-04-28 at 12:59 +0200, Christian Sciberras wrote: > Oh I'm sure someone on the list is going to help you. > Just give us SSH and root access and we'll do the hard work for you. > See, that's being open, not closed...! Sure someone can do. I happen to know some people who are able to reverse engineer anything on PC but they are busy doing useful stuff instead of proving someones bad intentions in Barracuda. To me it looks like only correct way for Barracuda is to issue clear statement that they remove all such "features" from their products and and issue free patch for this. And yes, I am sure if Barracuda will act to hide problem we soon see what else community find out. World is weird. I happen to write review on all Barracuda product line at same time. I will praise their product as "works of out of box" and meanwhile I do not recommend such timebomb into server room but pay some guy to configure postfix with all proper addons instead. Also this fact already changed two "go" desicions from Barracuda to "no-go" ones in my close contacts. Tõnu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists