funsec mailing list archives
Re: Trend says open source is automatically insecure
From: security curmudgeon <jericho () attrition org>
Date: Sat, 15 Jan 2011 20:07:41 -0600 (CST)
On Sat, 15 Jan 2011, Paul Ferguson wrote: : On Sat, Jan 15, 2011 at 4:10 PM, Rob, grandpa of Ryan, Trevor, Devon & : Hannah <rMslade () shaw ca> wrote: : : > http://bit.ly/fp9Azh+ : : Actually, what Steve Chang (our Chairman) said was ?Android is : open-source, which means the hacker can also understand the underlying : architecture and source code.? : : People have really blown his remarks out of proportion. It is still an alarmist and silly statement, and really shows that he isn't familiar with vulnerabilities and history. While it can help, it certainly isn't necessary to find vulnerabilities in a product: http://osvdb.org/search?search[vuln_title]=trend+micro&search[text_type]=titles He also said: ".. It's impossible for certain types of viruses" to operate on the iPhone, he said. Using the word 'impossible' in the land of vulnerabilities and exploits is dangerous. I believe the l0pht demonstrated that with some 'theoretical' vulnerability in Sendmail. And: "Chang said he's betting Android users will start to buy more security software for mobile devices." If Trend Micro doesn't offer Droid based security software right now, I'd bet a few bucks they will in the next quarter or two. Oh wait, if I keep reading.. "On Jan. 7, Tokyo-based Trend Micro released Mobile Security for Android, .." There we go, the foundation of his statements! BTW, do you still work for Trend Micro Paul? - security curmudgeon _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Trend says open source is automatically insecure Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 15)
- Re: Trend says open source is automatically insecure Paul Ferguson (Jan 15)
- Re: Trend says open source is automatically insecure security curmudgeon (Jan 15)
- Re: Trend says open source is automatically insecure Paul Ferguson (Jan 15)
- Re: Trend says open source is automatically insecure security curmudgeon (Jan 15)
- Re: Trend says open source is automatically insecure Paul Ferguson (Jan 15)