Bugtraq mailing list archives
Re: Breeze Network Server remote reboot and other bogosity.
From: klmitch () MIT EDU (Kev)
Date: Fri, 1 Jan 1999 16:29:59 EST
production machine. I explained that we had some things to work on, and that we had a security review planned after we had ensured that the machine was stable and functional.
With all due respect, this is not the way to craft a secure product. Security must be designed in from the beginning; reviewing the security after everything else is already done simply will not result in a secure product. Even a testing release, such as your company provided to Mr. Vardomskiy's, needs to display some security awareness if it is intended to be a secure product after release. His report seems to indicate a lack of such forethought on the part of your developers.

--
Kevin L. Mitchell <klmitch () mit edu>
------------------------- -. .---- --.. ..- -..- --------------------------
http://web.mit.edu/klmitch/www/ (PGP keys available from here)
RSA AE87D37D/1024: DE EA 1E 99 3F 2B F9 23 A0 D8 05 E0 6F BA B9 D2
DSS ED0DB34E/1024: D9BF 0E74 FDCB 43F5 C597 878F 9455 EC24 ED0D B34E
DH 2A2C31D4/2048: 1A77 4BA5 9E32 14AE 87DA 9FEC 7106 FC62 2A2C 31D4