[478] in bugtraq
Re: Security through obscurity, etc.
daemon@ATHENA.MIT.EDU (Jason Matthews)
Mon Dec 12 19:32:52 1994
Date: Mon, 12 Dec 1994 12:30:06 -0800 (PST)
From: Jason Matthews <jason@dickory.sdsu.edu>
To: "That Whispering Wolf..." <elfchief@lupine.org>
Cc: bugtraq@fc.net
In-Reply-To: <199411300406.AA04007@lupine.org>
On Tue, 29 Nov 1994, That Whispering Wolf... wrote:
> Why doesn't 8lgm, instead of posting exploit scripts, post DETAILED
> KNOWLEDGE of the bug, including source snippets if they can, so that
> those of us that are capable can diagnose our own systems, work around
> bugs (etc), while the average joe-on-the-street doesn't just have a plug-
> and-go attack on a system. Any hacker with the ability to turn bug details
> into an exploit script probably already knows about the bugs anyhow.
>
> Well, this is just my $.02. I think if 8lgm continues they way they're
> going (with things like their SCO 'login' problem -- Which basically said "There's a bug, no fix and no workaround, so nyah"), I'd rather just see them
> go away. I echo Pat's comments (I think that was Pat) about only needing
> one CERT.
I would rather have 8lgm then CERT.
Jason
