Firefox security strategy (was: Firefox goodies)
Thomas Charron
twaffle at gmail.com
Fri Dec 30 12:20:01 EST 2005
On 12/30/05, Tom Buskey <tom at buskey.name> wrote:
>
> On 12/29/05, Thomas Charron <twaffle at gmail.com> wrote:
> >
> > On 12/29/05, Bill McGonigle < bill at bfccomputing.com> wrote:
> > >
> > > the software changes over time. People DON'T spend their time going
> > > to a several month audit, and find each and every exploit. They find the ones
> >
> > http://www.openbsd.org
> http://www.openssh.org
>
Yes, they do. And we all know how often ssh is the target due to
exploits. Obvious security errors are one thing, but the majority of
exploits are due to the identification of what needs to be checked, versus
what doesn't, specifically when the applications are written in C/C++.
These errors are going to happen, period. If anything, the above two
projects having issues just proves that this is the case. It's the
turnaround time that makes the difference.
> > that cause them problems in the manner that they use the software. Not
> > many actually sit back and say 'Well, what happens if my URL is a
> > BEEEEEELion characters long? Ok, it's fine with that many. OH SHEEEET!
> > Someone used a BEEEEEEEELION and *ONE*!??!?!! Poo!' I'm not saying no one
> > cares, I'm saying, software, because of the way
> >
> And there are the pen testers that do that. And report 0 days to the
> various vendors. Or keep it for their pen testing. Or keep it to
> themselves for other reasons.
>
Or, use it to set up a giant IRC network to spam people.. ;-)
Thomas