Re: Is there any strong hand cipher?

From: Michael Wojcik (
Date: 11/12/04

Date: 12 Nov 2004 22:13:59 GMT

In article <>, Mxsmanic <> writes:
> Guy Macon <> writes:
> > And while Linux does have a history of bugs, they
> > are far fewer and far less destructive than Microsoft's.
> Linux is far younger.

It's not younger than 32-bit Windows.

> And nine out of ten bugs I see announced on bugtraq these days
> are Linux bugs.

Have your sight checked. Today (12 November), as of 17:00 EST,
there have been six bugs posted to BUGTRAQ (as opposed to discussions
of existing ones; some of these have been cited in other implementa-
tions previously). Four are in PHP scripts; PHP is available for
Linux and Windows and other platforms. One is in Secure Network
Messenger, an application for Windows. One is in a brand of ADSL
modem, which *might* be running Linux, but I wouldn't want to bet on

Yesterday we had OpenSSL, Apache, davfs2 / lvm-user (Linux), Samba
(Linux and Unix), IMsecure (Windows), another PHP script, Cisco,
and ez-ipupdate (Linux). Even if I give you the Samba vulnerability
as a "Linux bug", that still isn't "nine out of ten".

The recently-disclosed Linux ELF loader vulnerabilities aren't
pretty, but neither is the equally recent Windows ddeshare.exe one,
or the really bad IE <IFRAME> and <FRAME> overflows, which are being
exploited now by the Bofra Worm.

And, of course, the rate at which bugs are reported on BUGTRAQ says
little or nothing about the actual security of a software product.
All it tells us is how often its bugs are reported to BUGTRAQ. There
are MS-DOS systems with TCP/IP stacks connected to the Internet. How
many bugs in them get reported to BUGTRAQ? Do you believe they're

Michael Wojcik        
Pocket #9: A complete "artificial glen" with rocks, and artificial moon,
and forester's station.  Excellent for achieving the effect of the
sublime without going out-of-doors.  -- Joe Green

Relevant Pages