Dailydave: Re: News, dumbug, prediction rebuttals.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Dailydave mailing list archives

Re: News, dumbug, prediction rebuttals.

From: Adam Shostack <adam () homeport org>
Date: Thu, 22 Dec 2005 16:04:12 -0500

On Thu, Dec 22, 2005 at 12:23:42PM -0800, Blue Boar wrote:
| Dave Aitel wrote:
| >IMO, intense auditing is really just a warm up. OpenSSH is the most
| >intensely audited code on the planet and it still has problems that
| >require them to change their architecture to avoid exposing too much
| >code to the pre-auth world.
| 
| Is it really "require", or are they simply doing more paranoid things, 
| which have served them well in the past?

Your point about "required" is well taken.  At the same time, it seems
wrong to call behaviors which have served well "paranoid." 

Adam

By Date By Thread

Current thread:

Re: News, dumbug, prediction rebuttals., (continued)
- Re: News, dumbug, prediction rebuttals. Florian Weimer (Dec 22)
- Message not available
  - Re: News, dumbug, prediction rebuttals. Dave Aitel (Dec 22)
    - Re: News, dumbug, prediction rebuttals. Florian Weimer (Dec 22)
    - Re: News, dumbug, prediction rebuttals. Blue Boar (Dec 22)
    - Re: News, dumbug, prediction rebuttals. Adam Shostack (Dec 22)
    - Re: News, dumbug, prediction rebuttals. plonky (Dec 22)
    - Message not available
    - Re: News, dumbug, prediction rebuttals. plonky (Dec 23)
- Re: News, dumbug, prediction rebuttals. sgc (Dec 22)
- RE: News, dumbug, prediction rebuttals. Marc Maiffret (Dec 27)