Full Disclosure mailing list archives

Re: U.S. military helps fund Calgary hacker with $2.3 million


From: Blue Boar <BlueBoar () thievco com>
Date: Mon, 07 Apr 2003 14:11:58 -0700

Pekka Savola wrote:
> That claim is certainly untrue.
>
> If you take a default install from 7 years back, you certainly have more
> remote holes, in services that have since been removed from the default
> install -- looking 7 years back from *current* default install, not
> default install *7 years back*.

I think that's what they're trying to claim. IIRC, the hole that got them to change to the current "only one hole..." was one of the OpenSSH holes. What other remote hole(s) were in the default install?

OpenBSD is supposed to be June 1, 1997, so I guess the 7 years is intended to cover the entire life of OpenBSD?

(I am an OpenBSD fan in general, and I think they have a strong security track record. I don't think the current claim under discussion is particularly strong though... if you want to be sarcastic, my Apple ][, C64, and MS-DOS machines have had 0 remote holes in the default installs for 20-odd years, and I don't see that changing anytime soon.)

                                                BB

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

