OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Brian D. Halley (bhalleyEARTHLINK.NET)
Date: Thu Sep 06 2001 - 22:02:43 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Then I guess that means that we shouldn't purchase the next MS product.

    -----Original Message-----
    From: Steve [mailto:steveSECURESOLUTIONS.ORG]
    Sent: Thursday, September 06, 2001 3:34 PM
    To: win2ksecadviceLISTSERV.NTSECURITY.NET
    Subject: Re: IIS Web Server Condom

    Words spoken by someone who himself does not truly get it or understand.
    Are you a developer? Have you ever had to go through thousands of lines
    of code? Have you ever had to think of every possible scenario? It is
    not as easy as it sounds. Granted, some of the larger companies should
    be able to handle this as they have the resources to throw at the
    problem. But, until the consumers at large start refusing to purchase
    buggy software then upgrades that should have been free or included with
    the original software the problem will never go away.

    Regards;

    Steve Manzuik
    Moderator - VulnWatch
    www.vulnwatch.org

    > -----Original Message-----
    > From: Ichinin [mailto:ichininSWIPNET.SE]
    > Sent: Friday, August 17, 2001 7:54 PM
    > To: win2ksecadviceLISTSERV.NTSECURITY.NET
    > Subject: Re: IIS Web Server Condom
    >
    >
    > Howard Marsh wrote:
    > > Could so many security vulnerabilities be fixed so simply?
    >
    > Yes.
    >
    > Because of..
    >
    > 1) Some developers are lazy A-holes and just shovle the
    > variables into a DB or app without checking validity, hence
    > the great number of insecure products.
    >
    > 2) Some people does not understand security or are ignorant
    > or choose the ostridge approach to security.
    >
    > /Ichinin
    >
    > _____________________________________________________________________
    > ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    > ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice
    > DIGEST" SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
    >

    _____________________________________________________________________
    ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
    SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net

    _____________________________________________________________________
    ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
    SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net