Full Disclosure mailing list archives

Re: Is the FBI using email Web bugs?

From: Ciro <domino () asgardnet org>
Date: Thu, 8 Jan 2004 23:08:13 -0500 (EST)

On Thu, 8 Jan 2004, bryce wrote:

Date: Thu, 08 Jan 2004 19:44:44 -0800
From: bryce <lord_ph () comcast net>
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Is the FBI using email Web bugs?

Azerail wrote:

On Thu, 08 Jan 2004, Jonathan A. Zdziarski wrote:

Actually, my email client "mutt" makes me feel quite safe.  Is there
something I am overlooking?


Lack of features != security



I'm sorry, you've just proved beyond a doubt that you don't know what
you are talking about.  Sorry to have to put it like that, but there
it is.

Azerail


Ok Azerail, if you feel that Johnathan's statement is so incorrect as to
be insulting, then prove him wrong. Share with us why you feel that LoF
!= security. Logically and statistically(sp)the more lines of code in a
program, the greater the chance of a bug. And you can't add features to
a program without adding code( if anyone has proven me wrong on this i
would love to talk to you about it ;) ). Thus by adding features to a
program you are adding in bugs(although we try otherwise).

What is wrong with this logic???

b.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Just to pipe in here, it looks like you have your attributions wrong.
Jonathan was the one that said Lack of features != security. Given the
subject matter being replied to (mutt) there are several things wrong
with that logic, not the least of which is what you already pointed out:

Feature++ = bloat = bugs++. In the interest of fairness, this is shown
on the mutt.org bugs page too. Mutt has many features, and lots of bugs.
Yet it's still considered safer than OE by many because of the NATURE of
those features. Many (myself included) consider rendering HTML mail a
"bug" and not a feature.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Is the FBI using email Web bugs?, (continued)
- - - Re: Is the FBI using email Web bugs? Gregh (Jan 08)
    - Re: Is the FBI using email Web bugs? Azerail (Jan 08)
    - Re: Is the FBI using email Web bugs? Jonathan A. Zdziarski (Jan 08)
    - OT: (*Again?*) Mail Clients (Was: Re: Is the FBI using email Web bugs?) Damian Gerow (Jan 08)
    - Re: OT: (*Again?*) Mail Clients (Was: Re: Is the FBI using email Web bugs?) Nico Golde (Jan 08)
    - Re: Is the FBI using email Web bugs? José María Mateos (Jan 08)
    - Re: Is the FBI using email Web bugs? jan . muenther (Jan 08)
    - Re: Is the FBI using email Web bugs? Azerail (Jan 08)
    - Re: Is the FBI using email Web bugs? bryce (Jan 08)
    - Re: Is the FBI using email Web bugs? Azerail (Jan 09)
    - Re: Is the FBI using email Web bugs? Ciro (Jan 09)
    - Re: Is the FBI using email Web bugs? Jonathan A. Zdziarski (Jan 09)
    - Re: Is the FBI using email Web bugs? Valdis . Kletnieks (Jan 07)
    - Re: Is the FBI using email Web bugs? Dani Wuck (Jan 07)
    - Re: Is the FBI using email Web bugs? madsaxon (Jan 07)
    - Re: Is the FBI using email Web bugs? Paulo Pereira (Jan 11)
    - RE: Is the FBI using email Web bugs? Poof (Jan 11)
    - Re: Is the FBI using email Web bugs? Gary E. Miller (Jan 11)
    - auditing / logging while performing pen test n30 (Jan 11)
    - Re: auditing / logging while performing pen test Nico Golde (Jan 12)
    - Re: auditing / logging while performing pen test Wojciech Pawlikowski (Jan 12)

(Thread continues...)