Subject: Re: BitchX /ignore bug
From: Bluefish (11a GMX.NET)
Date: Fri Jul 07 2000 - 09:30:05 CDT
- Next message: Bluefish: "Re: your mail"
- Previous message: Mikael Olsson: "About all the default password databases..."
- In reply to: Steve Mosher: "Re: BitchX /ignore bug"
- Next in thread: Ron DuFresne: "Re: BitchX /ignore bug"
- Next in thread: Matthew S. Hallacy: "Re: BitchX /ignore bug"
- Reply: Bluefish: "Re: BitchX /ignore bug"
- Reply: Ron DuFresne: "Re: BitchX /ignore bug"
- Reply: Juan M. Courcoul: "Re: BitchX /ignore bug"
- Reply: Schlachter, Jake: "Re: BitchX /ignore bug"
> Is it the teachers' fault, can anyone be blamed? More
> importantly, is there anything (short of Java, or any change in language)
> that can be done about it?
My experience from 2 years of undergraduate master of science education
is that there's never any mentioning of "insecure" programming. In the
computer security course I took there was some mentioning of buffer
overflows and similar threats, but it isn't enough to ensure that code is
written moderately well. And the security course is entirely optional.

Actually, I fear it's the same at most universities. The average computer
science student leaves his/her education with hardly any knowledge of
security, and if (s)he has been taught any of it, it has been too
theoretical.

The problem is that security hasn't really been a *real* practice before
the 1980, and it has only been somewhat "hot" since 1990. Currently, most
companies and educations still don't take security really seriously. If
they do, it is usually only about getting the magic "C2" which makes
people buy the system (because they don't really know what C2 is).
> Imagine how little we would know if this were
> closed source. *Someone* would notice a segmentation violation sometime,
> fire up a debugger, produce an exploit, and finally an advisory would be
> written. We wouldn't really know a thing. Who knows how long these things
> would go unpatched for?
Agree. Although we see numerous people doing really lazy and stupid coding
in GNU, Linux, FreeBSD projects etc, it is from these mistakes most
people learn security today. Because society still doesn't realize that
every developer needs a moderate clue about security. When it comes to
security today, it is far easier to scream for punishment for the
individuals involved in abuse, than to make the changes needed.
..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team