[8896] in bugtraq
Re: Breeze Network Server remote reboot and other bogosity.
daemon@ATHENA.MIT.EDU (Kev)
Sun Jan 3 13:59:49 1999
Date: Fri, 1 Jan 1999 16:29:59 EST
Reply-To: Kev <klmitch@MIT.EDU>
From: Kev <klmitch@MIT.EDU>
X-To: Mike Pelley <mike@PELLEY.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Thu, 31 Dec 1998 19:09:45 EST."
<000b01be351b$0a2d90a0$0200000a@terminus.intranet.int>
> production machine. I explained that we had some things to work on, and
> that we had a security review planned after we had ensured that the machine
> was stable and functional.
With all due respect, this is not the way to craft a secure product.
Security must be designed in from the beginning; reviewing the security
after everything else is already done simply will not result in a secure
product. Even a testing release, such as your company provided to Mr.
Vardomskiy's, needs to display some security awareness if it is intended
to be a secure product after release. His report seems to indicate a
lack of such forethought on the part of your developers.
--
Kevin L. Mitchell <klmitch@mit.edu>
------------------------- -. .---- --.. ..- -..- --------------------------
http://web.mit.edu/klmitch/www/ (PGP keys availiable from here)
RSA AE87D37D/1024: DE EA 1E 99 3F 2B F9 23 A0 D8 05 E0 6F BA B9 D2
DSS ED0DB34E/1024: D9BF 0E74 FDCB 43F5 C597 878F 9455 EC24 ED0D B34E
DH 2A2C31D4/2048: 1A77 4BA5 9E32 14AE 87DA 9FEC 7106 FC62 2A2C 31D4