Firewall Wizards mailing list archives

Re: bodacion

From: Dave Piscitello <dave () corecom com>
Date: Mon, 20 May 2002 20:06:04 -0400

If they had advertised it as a security hardened server,
I would have probably been more inclined to research
further. The claims are so overblown, and as you point out,
the security "issues" they claim to solve seem like so much
misdirection, I'm surprised I haven't seen anyone rant about
it...

until you :-)

Thanks,

Dave

At 03:36 PM 5/20/2002 -0700, Crispin Cowan wrote:

Dave Piscitello wrote:

Has anyone had an opportunity to talk with or play with this
embedded server? They claim it's unhackable and crashproof,
built on what appears to be a proprietary OS but supporting
web over IP, SSL, etc.

I have not actually played with the product, but it is fun to play "spotthe snake-oil claim" on their web site :)


   * A "virus proof" web server. As compared to all those virus
     problems that Apache has :)
   * "Biomorphic technology" blah blah ... custom/proprietary
     (pseudo?)random number generator. As if that's the biggest
     security risk on a web server. Consider Schneier's views on the
     use of private ciphers, especially those with large & unusual
     technical terminology.
   * "No operating system" claiming that the Code Red problem was
     OS-related, when it was actually a buffer overflow in IIS (IIRC,
     it was an IIS add-on).

But as I've said, I've never actually looked at a Bodacion. Who knows,perhaps it really is hacker proof :)

Disclaimer: My company also sells a security-hardened web server, so thesereally are the views from a competitor. But the reasons I claim ourproduct is more secure get published in places like USENIX.


Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html



David M. Piscitello
Core Competence, Inc. &
The Internet Security Conference
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
www.corecom.com
www.tisc2002.com
hhi.corecom.com/~yodave/


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Re: bodacion Crispin Cowan (May 21)
- Re: bodacion Dave Piscitello (May 21)
- <Possible follow-ups>
- Re: bodacion David Klann (May 21)
  - Re: bodacion Carric Dooley (May 22)
- RE: bodacion Christopher Gripp (May 21)
- RE: bodacion Philip J. Koenig (May 22)