Bugtraq mailing list archives
Re: Full Disclosure works, here's proof:
From: karl () bagpuss demon co uk (Karl Strickland)
Date: Mon, 5 Dec 1994 00:49:12 +0000 (GMT)
Karl Strickland wrote:

Bela> This is ridiculous. You'd decline to install a security patch because
Bela> you think not enough hackers know about the hole?

Karl> One important point is, if you don't know what the hole is, you can't be
Karl> sure it's fixed. Some people are more reluctant to take these things
Karl> on trust, after seeing what happened with Sun's binmail patches.

If the reader believes that the holes originally exist as stated and that SCO has made a good faith effort to fix them, it is sensible to install the fixes even if it eventually turns out that a narrower hole remains.

What if it turns out that they open an even bigger hole? I'm thinking of binmail.
It's analogous to a terminal cancer patient being told that he can try a promising but untested new drug -- except in this case it's cured all the lab rats, so the doctor has very high hopes for the drug.
You imply your patches go out without any testing :-)
I suppose some readers could think the whole thing was an elaborate collaborative hoax between 8LGM and SCO to *introduce* Trojan horses... I can't help anyone who is that paranoid.
Is that *I* as in Bela or *I* as in SCO? (No disclaimer in this one).

In the end vendors will do whatever they have to do to stay in business. As users become more educated on security-issues, they may decide that they'd rather have vendors who take security seriously, fix bugs quickly and are more open about the whole process. When these paranoid people decide to vote with their chequebooks, maybe SCO, Sun, SGI, DEC and everyone else will be a little more willing to help.

------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               | Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl () bagpuss demon co uk