Re: End of all Open Source.

From: Mark H. Wood (mwood@mhw.ULib.IUPUI.Edu)
Date: 03/06/03


From: "Mark H. Wood" <mwood@mhw.ULib.IUPUI.Edu>
Date: Thu, 6 Mar 2003 14:38:43 +0000 (UTC)

In comp.security.misc Barry Margolin <barry.margolin@level3.com> wrote:
> In article <e3nc6vctfkutoajk6so9ig4g802vj3u01d@4ax.com>,
> Bradley Bungmunch <Bradley@Bungmunch.com> wrote:
>>If this bug had been announced straight away, it would also have been
>>fixed almost immediately. Instead they kept it quiet and it took three
>>months for a fix to be issued.
>
> Yet, as far as we know, it was never exploited during that time. So the
> system seemed to work.

Yes, "as far as we know". I had to wonder if part of the reason for the
delay was that the intel. guys weren't through using it. :-/

[snip]
> Telling people about a vulnerability without providing practical solutions
> is like the terror alerts that out government keeps announcing. I'm just
> not sure what the analogy is to sealing your house with plastic and duct
> tape. :)

Those total-network-security-in-a-box products come to mind.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".