Re: ftp was hacked
From: Tim Haynes (usenet@stirfried.vegetable.org.uk)
Date: 01/03/02
From: Tim Haynes <usenet@stirfried.vegetable.org.uk>
Date: 03 Jan 2002 12:20:44 +0000
Wine Development <wine@sweeney.demon.co.uk> writes:
[snip]
> > Yes. We've encountered it here before over "is qmail secure?" and "just
> > run djbdns instead" and suchlike. It all depends on how much you
> > consider past performance to be an indicator of the future.
>
> I think the crucial matter is - was it patched or rewritten. If patching
> was the 'fix' then the past history is probably a fairly good guide.
Well, yes, that gives you data about turnaround time which a rewrite
wouldn't.
> Only after a couple of years of heavy and widespread use without problems
> can one really say the nasties have probably gone away - look at the
> history of IIS with bugs suddenly being discovered that go back 2 or 3
> releases.
That assumes you believe in a bathtub curve - things either break
immediately or after many years, I think.
> A rewrite (a la Bind8/Bind9) is a different matter, especially if done by
> a different designer+coder combination. Here we have a disjoint, and
> while the new product may turn out to be worse from a security point of
> view the problem history will certainly be different and only time will
> resolve.
One point of view is that this `everything is uncertain' thing is the best
approach to take. It certainly can be if the alternative is something where
patches take ages to turn around for a severe bug.
> I have never subscribed to the 'latest has got to be best' theory, things
> are never that simple, MS (in their usual style in such matters) have
> amply demonstrated that as well.
Latest is less likely to have exploits out there (would you really stick
with installing patches to bind8 when bind9 is available, and has been for
at least a year, in varying degrees of uptodateness, with no reported
vulnerabilities, that I've seen?), and `best' on feature / functionality
grounds. At least, normally so.
I guess you just have to weigh-up each situation as it appears... :)
~Tim
-- 
It's all over the front page |piglet@stirfried.vegetable.org.uk
You give me road rage        |http://spodzone.org.uk/
Racing through the best days |