MESSAGE
DATE | 2003-04-07
FROM | Ruben I Safir
SUBJECT | Re: [hangout] OpenBSD - U.S. military helps fund Calgary hacker
Bind and Sendmail (which are also security holes) are 2 for that time period
HOWEVER .... openssh is FOR SECURITY.
In addition, that's not acceptable for Sendmail or Bind either
and finally... who says the commercial versions are MORE secure?
Ruben
On 2003.04.07 12:58 "Inker, Evan" wrote:
> How many patches have you seen on Bind, Sendmail etc.. Don't be a
> hypocrite...
> And if you don't like it, go buy a commercial version...
>
> Regards,
>
> Evan M. Inker (New York) x. 4615
>
> -----Original Message-----
> From: Ruben I Safir [mailto:ruben-at-mrbrklyn.com]
> Sent: Monday, April 07, 2003 12:33 PM
> To: EInker-at-gam.com
> Cc: 'Ruben I Safir'
> Subject: Re: [hangout] OpenBSD - U.S. military helps fund Calgary hacker
>
> Really - there have been 4 security patches on it in less than
> a year.
>
> On 2003.04.07 12:13 "Inker, Evan" wrote:
> > As usual, you are wrong. OpenSSH works just fine...
> >
> > Regards,
> >
> > Evan M. Inker (New York) x. 4615
> >
> > -----Original Message-----
> > From: Ruben I Safir [mailto:ruben-at-mrbrklyn.com]
> > Sent: Monday, April 07, 2003 10:33 AM
> > To: EInker-at-gam.com
> > Cc: 'hangout -at- nylxs . com'
> > Subject: Re: [hangout] OpenBSD - U.S. military helps fund Calgary hacker
> >
> > This is sort of strange considering that openssh is constantly riddled
> > with holes
> >
> > Ruben
> >
> > On 2003.04.07 08:14 "Inker, Evan" wrote:
> > >
> > > POSTED AT 8:51 PM EDT Sunday, April 6
> > >
> > > U.S. military helps fund Calgary hacker
> > >
> > > By DAVID AKIN
> > > From Monday's Globe and Mail
> > >
> > > The U.S. military believes the work of a Calgary hacker may be its
> > > best bet to protect its computer networks from so-called
> > > cyber-terrorist attacks. And although Theo de Raadt is happy to have
> > > more than $2-million (U.S.) in research support from the U.S.
> > > military's research and development office, the source of that funding
> > > has made him more than a little uneasy.
> > >
> > > "I actually am fairly uncomfortable about it, even if our firm
> > > stipulation was that they cannot tell us what to do. We are simply
> > > doing what we do anyways - securing software - and they have no say in
> > > the matter," Mr. de Raadt said in a recent e-mail exchange. "I try to
> > > convince myself that our grant means a half of a cruise missile
> > > doesn't get built."
> > >
> > > The grant comes from the U.S. Defense Advanced Research Projects
> > > Agency (DARPA), the R&D arm of the U.S. military, whose most widely
> > > known invention would be the Internet. For this grant, DARPA is
> > > interested in testing the security of commercial software systems
> > > against the security of open source software projects.
> > >
> > > Mr. de Raadt leads development of an open source project called
> > > OpenBSD. It is a computer operating system, used most often to power
> > > the large server computers that run corporate networks or Web sites.
> > > OpenBSD, a derivative of the Unix operating system, is widely
> > > considered by computer experts to be the most resistant to
> > > unauthorized use.
> > >
> > > "We were convinced OpenBSD was the best platform to use as a basis
> > > for further securing open source," said Jonathan Smith, a professor of
> > > computer and information science at the University of Pennsylvania.
> > >
> > > Because DARPA does not directly fund projects outside the United
> > > States, it is Mr. Smith's computer science department that received
> > > the grant, although most of the money - $2.3-million - flows through
> > > to Mr. de Raadt's project.
> > >
> > > Although Microsoft Corp., whose Windows products are the world's
> > > dominant operating system products, and many other commercial software
> > > vendors are paying new attention to the security of their products,
> > > that renewed interest has done little to improve their products so
> > > far, Mr. de Raadt said.
> > >
> > > "Low code quality keeps haunting our entire industry. That, and
> > > sloppy programmers who don't understand the frameworks they work
> > > within. They're like plumbers high on glue," Mr. de Raadt said.
> > >
> > > Microsoft, for example, has issued 68 security bulletins or alerts
> > > for its products in the past year, better than one a week. OpenBSD,
> > > which does not develop as many products as Microsoft, says only one
> > > vulnerability or hole has been found in its software in the past seven
> > > years. OpenBSD has been created largely through the work of volunteers
> > > over its seven-year existence.
> > >
> > > The DARPA grant enabled Mr. de Raadt to add the equivalent of four
> > > full-time developers to supplement the work of about 80 volunteers.
> > > And although he's happy about the extra support for the project, he's
> > > nervous that critics may get the idea he's working for the U.S.
> > > military.
> > >
> > > "We're not doing anything for them. They just fund us to do what we
> > > do," said Mr. de Raadt, a 35-year-old graduate of the University of
> > > Calgary's computer science program. Mr. de Raadt is no fan of the U.S.
> > > military at the moment. He calls the war in Iraq an oil grab. "It just
> > > sickens me."
> > >
> > > He also notes that the software his group develops is made available
> > > free of charge via Internet download or for a nominal fee on CD. The
> > > next major upgrade to the software, version 3.3, will be released on
> > > May 1. Because OpenBSD is often used in computing environments where
> > > security is a top concern, OpenBSD users are often reluctant to
> > > identify themselves. But Mr. de Raadt's group said that in addition to
> > > running the servers for several branches of the U.S. military,
> > > including the Pentagon, OpenBSD is also installed on the servers the
> > > U.S. Department of Justice uses to track and catch hackers and
> > > so-called cyber-terrorists.
> > >
> > > OpenBSD is also used by the University of Alberta, the University of
> > > Minnesota, Adobe Systems Inc. and FSC Internet Corp. of Toronto. More
> > > than 50,000 copies of OpenBSD have been downloaded from the project's
> > > servers in the past six months.
> > >
> > > Corrections Canada, Health Canada, Parliament and the Canada Customs
> > > and Revenue Agency are among the federal users that have downloaded
> > > the software, although it's not clear if it is being used by them.
> > >
> > > OpenBSD is one of several open source operating systems, the most
> > > famous of which is Linux. The source code for the software is open or
> > > uncompiled, which means any software programmer can examine the code
> > > and can make changes before it is formatted to run on a computer.
> > > OpenBSD is a variant of a kind of Unix-based operating system known as
> > > BSDs, short for Berkeley Software Distribution.
> > >
> > > The software traces its roots to projects that began in the 1970s at
> > > the University of California at Berkeley. Mr. de Raadt, who's been
> > > working full-time on the OpenBSD project for seven years, pays his own
> > > bills with the money from the sale of the CDs - he sells about 8,000 a
> > > year - as well as from selling OpenBSD T-shirts and other
> > > paraphernalia.
> > >
> > > David Akin is national business and technology correspondent for CTV
> > > News and a contributing writer to The Globe and Mail.
> > >
> > > http://www.globetechnology.com/servlet/story/RTGAM.20030406.whack46/
> > > GT
> > > Story
> > >
> > > ****************************************************************************
> > > This message contains confidential information and is intended only
> > > for the individual or entity named. If you are not the named addressee
> > > you should not disseminate, distribute or copy this e-mail.
> > > Please notify the sender immediately by e-mail if you have received
> > > this e-mail by mistake and delete this e-mail from your system.
> > > E-mail transmission cannot be guaranteed to be secure or error-free
> > > as information could be intercepted, corrupted, lost, destroyed, arrive
> > > late or incomplete, or contain viruses. The sender therefore does not
> > > accept liability for any errors or omissions in the contents of this
> > > message which arise as a result of e-mail transmission.
> > > If verification is required please request a hard-copy version.
> > > This message is provided for informational purposes and should not
> > > be construed as an invitation or offer to buy or sell any securities or
> > > related financial instruments.
> > > GAM operates in many jurisdictions and is
> > > regulated or licensed in those jurisdictions as required.
> > > ****************************************************************************
> > >
> > > ____________________________
> > > NYLXS: New Yorker Free Software Users Scene
> > > Fair Use -
> > > because it's either fair use or useless....
> > > NYLXS is a trademark of NYLXS, Inc
> > >
> > --
> > __________________________
> > Brooklyn Linux Solutions
> > __________________________
> > DRM is THEFT - We are the STAKEHOLDERS http://fairuse.nylxs.com
> >
> > http://www.mrbrklyn.com - Consulting
> > http://www.inns.net <-- Happy Clients
> > http://www.nylxs.com - Leadership Development in Free Software
> > http://www2.mrbrklyn.com/resources - Unpublished Archive or stories
> > and articles from around the net
> > http://www2.mrbrklyn.com/downtown.html - See the New Downtown
> > Brooklyn....
> >
> > 1-718-382-0585

--
__________________________
Brooklyn Linux Solutions
__________________________
DRM is THEFT - We are the STAKEHOLDERS http://fairuse.nylxs.com

http://www.mrbrklyn.com - Consulting
http://www.inns.net <-- Happy Clients
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive or stories and articles from around the net
http://www2.mrbrklyn.com/downtown.html - See the New Downtown Brooklyn....

1-718-382-0585
____________________________
NYLXS: New Yorker Free Software Users Scene
Fair Use -
because it's either fair use or useless....
NYLXS is a trademark of NYLXS, Inc