Message-ID: <CAH8yC8mCuYiuAdh51HJ97qn0ogT+TRuxPdgz0wi-vTbF6w3dWQ@mail.gmail.com>
Date: Mon, 21 Jan 2013 18:08:11 -0500
From: Jeffrey Walton <noloader@...il.com>
To: Ian Hayes <cthulhucalling@...il.com>
Cc: Full-Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Student expelled from Montreal college after finding vulnerability that compromised security of 250, 000 students personal data

On Mon, Jan 21, 2013 at 5:57 PM, Ian Hayes <cthulhucalling@...il.com> wrote:
> On Mon, Jan 21, 2013 at 2:54 PM, Jeffrey Walton <noloader@...il.com> wrote:
>> On Mon, Jan 21, 2013 at 5:42 PM, Philip Whitehouse <philip@...uk.com> wrote:
>>> a class A moron.
>> What does that make Omnivox, which appears to have done no testing?
>
> The two conditions are not mutually exclusive.

Hence the reason for "appears to have done no testing."

Developer driven security is some of the worst security I have seen. It's the reason for this (and few other) list. Obvious flaws (obvious to a security professional) tell me Omnivox has problems with their engineering process (perhaps incomplete testing, perhaps no testing).

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/