FW: [LINK] Open source just as insecure as Windows
Howard Lowndes
lannet@lannet.com.au
Sat Nov 16 22:22:41 EST 2002
On Sat, 16 Nov 2002, Dearne, Karen wrote:
> 1. OpenSSH vs OpenSSL: Mr Klaus referred to OpenSSH. AusCERT published an
> advisory about the trojan on August 2; CERT had published it a day earlier.
> ISS"s own research and advisory lab, X-Force, had reported a vulnerability
> in June.
yes, that was about a trojaned copy of OpenSSH that was in circulation not
a problem in OpenSSH itself; so what, any half decent sysadmin checks
their MD5 hashes or PGP keys anyway.
>
> 2. Mr Klaus referred to Sunmail specifically. To all of those who have never
> heard of it, it's an older UNIX mailer still used in many UNIX/Linux shops,
> altho of course SendMail is more common now.
...and if you had read the very first reference that comes up in a Google
search, you would realise that it is the plain vanilla "mail" utility and
hasn't had a vulnerability for yonks, if ever.
--
Howard.
LANNet Computing Associates - Your Linux people
Contact detail at http://www.lannetlinux.com
"Flatter government, not fatter government." - me
Get rid of the Australian states.
------------------------------------------
If electricity comes from electrons, does morality come from morons?
More information about the Link
mailing list