Bugtraq mailing list archives
Re: new iss stuff
From: awatts () elecsun5 elec uow edu au (Andrew Watts)
Date: Wed, 11 May 1994 10:47:16 +1000 (EST)
Sure - if you want your security to be dependent on a black box. And you really believe that NO contributed code was not included in it, code for which the orignal writers are not getting a DIME? The price would be reasonable, IF IT INCLUDED SOURCE. But it doesn't. For source its well over a grand. Its back to security through obscurity (only now its 'security through black boxes').
Have you seen a copy of the commercial product? Have you asked the supplier for a copy of the source to check your allegation that contributed code was used in it? Because let's face it, you basically just accused them of that. Have you also consulted with the supplier to find out what information he will supply regarding what the program checks for, and what holes it attempts to discover and correct? Perhaps the supplier will be more than happy to share with those who purchase this product information about the particular security problems. I don't know these things for a fact, but have _you_ investigated first, it semems you're making alot of assumptions on behalf of the supplier which may turn out to be totally unfounded.
The bad taste remains. I smell a gouge playing on fear. If they decide to make the sources affordable, perhaps I will change my viewpoint. Otherwise, they are making the decisions FOR the using admin, not allowing him to decide what he wants to check.
How many people who sell word processors provide it with source? How many companies who sell packages which make minor kernel patches provide it with entire source? Sweet bugger all do. So why should this be any different?
As I said: NO SALE.
I Say: Give it a chance. (But then no one probably gives a rats ass what I think, perhaps they dont care what you think either? :) Me. -- Andrew Watts - awatts () elecsun5 elec uow edu au 'If you need someone to blame, throw a rock in the air, you'll hit someone guilty.' - U2, Dirty Day.
Current thread:
- Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994, (continued)
- Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 Pat Myrto (May 13)
- Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 Gene Spafford (May 13)
- Re: Time For New Security Package? (was Re: new iss stuff) Mark (May 10)
- Selling binaries Karyn Pichnarczyk (May 10)
- Re: new iss stuff Everett F Batey WA6CRE (May 10)
- Re: new iss stuff root () maths su oz au (May 10)
- Re: new iss stuff der Mouse (May 10)
- Re: new iss stuff Timothy Newsham (May 10)
- Re: new iss stuff jallen () nersc gov (May 10)
- Re: new iss stuff Pat Myrto (May 10)
- Re: new iss stuff Andrew Watts (May 10)
- Re: new iss stuff Pat Myrto (May 10)
- Re: new iss stuff Steven C. Blair (May 10)
- iss: _my_ last two cents der Mouse (May 11)
- Re: new iss stuff Pat Myrto (May 10)
- passwd -F Steve Mitchell (May 10)
- Re: passwd -F Pat Myrto (May 10)
- Re: passwd -F Daniel Azuelos (May 11)
- Re: passwd -F Casper Dik (May 11)