Re: Is there any strong hand cipher?
From: Michael Wojcik (mwojcik_at_newsguy.com)
Date: 12 Nov 2004 22:13:59 GMT
In article <firstname.lastname@example.org>, Mxsmanic <email@example.com> writes:
> Guy Macon <http://www.guymacon.com> writes:
> > And while Linux does have a history of bugs, they
> > are far fewer and far less destructive than Microsoft's.
> Linux is far younger.
It's not younger than 32-bit Windows.
> And nine out of ten bugs I see announced on bugtraq these days
> are Linux bugs.
Have your sight checked. Today (12 November), as of 17:00 EST,
there have been six bugs posted to BUGTRAQ (as opposed to discussions
of existing ones; some of these have been cited in other implementa-
tions previously). Four are in PHP scripts; PHP is available for
Linux and Windows and other platforms. One is in Secure Network
Messenger, an application for Windows. One is in a brand of ADSL
modem, which *might* be running Linux, but I wouldn't want to bet on
Yesterday we had OpenSSL, Apache, davfs2 / lvm-user (Linux), Samba
(Linux and Unix), IMsecure (Windows), another PHP script, Cisco,
and ez-ipupdate (Linux). Even if I give you the Samba vulnerability
as a "Linux bug", that still isn't "nine out of ten".
The recently-disclosed Linux ELF loader vulnerabilities aren't
pretty, but neither is the equally recent Windows ddeshare.exe one,
or the really bad IE <IFRAME> and <FRAME> overflows, which are being
exploited now by the Bofra Worm.
And, of course, the rate at which bugs are reported on BUGTRAQ says
little or nothing about the actual security of a software product.
All it tells us is how often its bugs are reported to BUGTRAQ. There
are MS-DOS systems with TCP/IP stacks connected to the Internet. How
many bugs in them get reported to BUGTRAQ? Do you believe they're
-- Michael Wojcik firstname.lastname@example.org Pocket #9: A complete "artificial glen" with rocks, and artificial moon, and forester's station. Excellent for achieving the effect of the sublime without going out-of-doors. -- Joe Green