Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Netscape Problems.

From: zen-parse <zen-parse () gmx net>
Date: Wed, 27 Nov 2002 12:22:59 +1300 (NZDT)
On Tue, 26 Nov 2002, Georgi Guninski wrote:


zen-parse wrote:



In case people haven't noticed yet, Open Source is not more secure.



I disagree with this conclusion.

Can you please give more details how you concluded this based on your post.

In no particular order, here are some thoughts.

1. You mention several mozilla bugs, most (all?) of which are fixed. Are you 
aware of the amount of internet exploder bugs?


Not precisely, but one bug is all it takes to make a product insecure.
 

2. I can understand you are angry at Netscape, but please don't mix corporate 
emotions with open source. From personal experience, several years ago, I 
managed to cash all of the *reproducible exploits* bounty claims against 
netscape products. Are you sure your claims are *reproducible exploits*?


Yes. Details have been supplied for all of them, when asked by netscape. 
If no further information was requested, I assumed it was reproducable. 

 

3. From the email headers of your post, I am inclined to think that you are 
using *open source* email client and smtp server - probably linux.
Am I wrong? If not, why have you chosen open source email solution and not 
windoze, e.g.?


Yes. I am. I also use Windows XP. I originally used linux because of a 
hacker wargame, and now I use it because I like it. It only takes one bug 
though to make an insecure product.
 

4. How can one be sure there are no bugs in closed source involving magic 
numbers like 536870912 (from your post)?
Can one tell if closed source is not backdoored?
Do you trust m$'s tru$tworthy computing so much? Do you use it at all?


Would be nice, but nope I can't see hidden features.

Nope. No idea what features most of them have.

Not really, but I use it. (Never attribute to malice what can readily be
attributed to stupidity.)
 
-- zen-parse
 

-- 
-------------------------------------------------------------------------
1) If this message was posted to a public forum by zen-parse () gmx net, it 
may be redistributed without modification. 
2) In any other case the contents of this message is confidential and not 
to be distributed in any form without express permission from the author.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: