Bugtraq mailing list archives

Re: Full Disclosure works, here's proof:

From: belal () sco COM (Bela Lubkin)
Date: Sun, 4 Dec 1994 01:11:43 -0800


Karl Strickland wrote:

Bela> This is ridiculous.  You'd decline to install a security patch because
Bela> you think not enough hackers know about the hole?

Karl> One important point is, if you dont know what the hole is, you cant be
Karl> sure its fixed.  Some people are more reluctant to take these things
Karl> on trust, after seeing what happened with Sun's binmail patches.

If the reader believes that the holes originally exist as stated and
that SCO has made a good faith effort to fix them, it is sensible to
install the fixes even if it eventually turns out that a narrower hole
remains.  It's analogous to a terminal cancer patient being told that he
can try a promising but untested new drug -- except in this case it's
cured all the lab rats, so the doctor has very high hopes for the drug.

I suppose some readers could think the whole thing was an elaborate
collaborative hoax between 8LGM and SCO to *introduce* Trojan horses...
I can't help anyone who is that paranoid.

Bela<

Current thread:

pt_chmod, (continued)
- pt_chmod carson () lehman com (Dec 02)
  - Re: pt_chmod Karl Strickland (Dec 02)
  - mktemp.. *Hobbit* (Dec 02)
- bugtraq list problems (resolved?) Admin/Support (Dec 02)
- full-disclosure list Pete Hartman (Dec 02)
- Re: Full Disclosure works, here's proof: Christopher Klaus (Dec 03)
- Re: Full Disclosure works, here's proof: Bela Lubkin (Dec 03)
  - Re: Full Disclosure works, here's proof: Karl Strickland (Dec 04)
    - Re: Full Disclosure works, here's proof: Paul 'Shag' Walmsley (Dec 04)
  - Re: Full Disclosure works, here's proof: Christopher Klaus (Dec 04)
- Re: Full Disclosure works, here's proof: Bela Lubkin (Dec 04)
  - Re: Full Disclosure works, here's proof: Karl Strickland (Dec 04)
- Re: Full Disclosure works, here's proof: smb () research att com (Dec 05)
- Re: Full Disclosure works, here's proof: Randy Bias (Dec 05)