Full Disclosure mailing list archives

Re: openssh remote exploit


From: Peter Busser <peter () trusteddebian org>
Date: Fri, 19 Sep 2003 14:52:55 +0200

Hi!

Really? I think you'll find that there are quite a number of people,
aside from myself, who think that the "1 exploit in X years" is on one
end of it as misleading and the other end, a lie, excluding this current
openssh problem.

It's a statistic. 'nuf said.

Some people, like you, believe openbsd/openssh is the best software
that exists today. Others don't and I'm sure there are examples and
counter examples to prove either side.  My only advice is try not to
take criticism of it personally.

Q. What is the difference between a used car sales person and a computer sales
   person?
A. The used car sales person knows when he is lying.

Decades of research on computer security have not provided any proof for the
belief that you can turn an insecure operating system (like UNIX) into a
highly secure system.

It is like transforming a family car into an F1 racing car by putting an F1
motor in and attaching spoilers. Somehow I don't think such a car will win any
race.

Yet in the IT security field, a number of people claim that it is possible and
that you can win every race too.

Greetings,
Peter Busser
-- 
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/
