[8896] in bugtraq

Re: Breeze Network Server remote reboot and other bogosity.

daemon@ATHENA.MIT.EDU (Kev)
Sun Jan 3 13:59:49 1999

Date: 	Fri, 1 Jan 1999 16:29:59 EST
Reply-To: Kev <klmitch@MIT.EDU>
From: Kev <klmitch@MIT.EDU>
X-To:         Mike Pelley <mike@PELLEY.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  Your message of "Thu, 31 Dec 1998 19:09:45 EST." 
              <000b01be351b$0a2d90a0$0200000a@terminus.intranet.int>

> production machine.  I explained that we had some things to work on, and
> that we had a security review planned after we had ensured that the machine
> was stable and functional.

With all due respect, this is not the way to craft a secure product.
Security must be designed in from the beginning; reviewing the security
after everything else is already done simply will not result in a secure
product.  Even a testing release, such as your company provided to Mr.
Vardomskiy's, needs to display some security awareness if it is intended
to be a secure product after release.  His report seems to indicate a
lack of such forethought on the part of your developers.
--
Kevin L. Mitchell <klmitch@mit.edu>
-------------------------  -. .---- --.. ..- -..-  --------------------------
http://web.mit.edu/klmitch/www/                (PGP keys available from here)
    RSA AE87D37D/1024:  DE EA 1E 99 3F 2B F9 23  A0 D8 05 E0 6F BA B9 D2
    DSS ED0DB34E/1024: D9BF 0E74 FDCB 43F5 C597  878F 9455 EC24 ED0D B34E
    DH  2A2C31D4/2048: 1A77 4BA5 9E32 14AE 87DA  9FEC 7106 FC62 2A2C 31D4
