OT: Snosoft vs HP

[full-disclosure () lists netsys com (Tom Perrine)]

> > > > > On Wed, 31 Jul 2002 23:56:38 -0400 (EDT), Jonathan Rickman <jonathan () xcorps net> said:

    JR> On Wed, 31 Jul 2002, Jay D. Dyson wrote:
    >> I've said it before and I'll say it again: it's about time those
    >> of us in the security community started to cut the legs out from under
    >> these corporate behemoths.  They've been hammering us long enough with
    >> these litigious abominations; it's about damned time we fired back.

    JR> Amen brother. HP should receive no quarter from anyone in the community
    JR> until they apologize, publicly. Discover, publish. Discover, publish.
    JR> Simple as that. I think they chose to ignore the problem because they are
    JR> dropping the product. Maybe it's just me, but I find that inexcusable. I'm
    JR> just grateful that we have this list to discuss things openly.

This is not the first time that HP has been a specific target. Back in
1996-1997 (IIRC) there was a person or group (SOD?) vowing to release
one HP-UX bug each week, unless HP started cleaning up their act.

It was lots of exploits, lots of pretty crappy coding exposed.

Turns out that if you did a "find" on the HP-UX source code (which had
recently slipped out) for "strcpy()" calls, you would get some of the
modules in the order that matched the "HP bug of the week"
announcements.

-- 
Tom E. Perrine <tep () SDSC EDU> | San Diego Supercomputer Center 
http://www.sdsc.edu/~tep/     |