Re: ftp was hacked
From: Wine Development (wine@sweeney.demon.co.uk)
Date: 01/03/02
From: Wine Development <wine@sweeney.demon.co.uk>
Date: Thu, 03 Jan 2002 09:11:43 +0000

Tim Haynes wrote:
>
> Wine Development <wine@sweeney.demon.co.uk> writes:
>
> > John Thompson wrote:
> > >
> > > In article <3C2E983E.F1141061@yahoo.com>, Ed Turner wrote:
> > >
> > > > There was an advisory on WU-FTPd. The program has a serious flaw.
> > >
> > > Which was quickly fixed.
> >
> > Very true, but there is a maxim among quality specialists which reads
> > 'The greater the number of bugs found to date the greater the likelihood
> > of there being more still to be found' .
> >
> > This applies to all software products, not just those issuing forth from
> > Redmond.
>
> Yes. We've encountered it here before over "is qmail secure?" and "just run
> djbdns instead" and suchlike. It all depends on how much you consider past
> performance to be an indicator of the future.
>
I think the crucial matter is - was it patched or rewritten. If
patching was the 'fix' then the past history is probably a fairly good
guide. Only after a couple of years of heavy and widespread use
without problems can one really say the nasties have probably gone
away - look at the history of IIS with bugs suddenly being discovered
that go back 2 or 3 releases.

A rewrite (a la Bind8/Bind9) is a different matter, especially if done
by a different designer+coder combination. Here we have a disjoint,
and while the new product may turn out to be worse from a security
point of view the problem history will certainly be different and only
time will resolve.

I have never subscribed to the 'latest has got to be best' theory,
things are never that simple; MS (in their usual style in such
matters) have amply demonstrated that as well.
--
Keith Matthews    Spam trap - my real account at this node is keith_m
Frequentous Consultants - Linux Services, Oracle development & database administration