[493] in bugtraq
Re: Security through obscurity, etc.
daemon@ATHENA.MIT.EDU (James M. Chacon)
Tue Dec 13 12:37:20 1994
From: jmc@telecom.ksu.edu (James M. Chacon)
To: jsz@ramon.bgu.ac.il (jsz)
Date: Tue, 13 Dec 1994 09:04:56 -0600 (CST)
Cc: jason@dickory.sdsu.edu, elfchief@lupine.org, bugtraq@fc.net
In-Reply-To: <9412130418.AA23268@ramon.bgu.ac.il> from "jsz" at Dec 13, 94 06:18:22 am
>
>At least you can't use CERT's advisory to crack root on a site, and wipe
>out important files; 8lgm's advisories were, and in fact are being used
>for those purposes as well.
Wrong...I've used the information in CERT advisories to give me a good idea
where and what I'm looking for. I've "reverse-engineered" so to speak a fair
amount of Cert's announcements into actaul problems I could show people around
here. All Cert's announcements do is delay the time people get to even know
a bug exists....I'm not really for the 8lgm concept completely, but at least
there they don't feel this overwhelming need to not hurt the various
manufacturers feelings....
James
