Dailydave mailing list archives

Re: News, dumbug, prediction rebuttals.


From: Adam Shostack <adam () homeport org>
Date: Thu, 22 Dec 2005 16:04:12 -0500

On Thu, Dec 22, 2005 at 12:23:42PM -0800, Blue Boar wrote:
| Dave Aitel wrote:
| >IMO, intense auditing is really just a warm up. OpenSSH is the most
| >intensely audited code on the planet and it still has problems that
| >require them to change their architecture to avoid exposing too much
| >code to the pre-auth world.
| 
| Is it really "require", or are they simply doing more paranoid things, 
| which have served them well in the past?

Your point about "required" is well taken.  At the same time, it seems
wrong to call behaviors which have served well "paranoid." 

Adam



