We've been around and around on this, so my reply will be short:
On Tue, Dec 22, 1998 at 05:03:04PM -0800, Kelly Lucas wrote:
> I said all that to say this: instead of making derogatory remarks about
> someone's challenge, let's hear about it after you've hacked the system,
> or after you've pointed us to some conclusive data that clearly
> illustrates the flaws of the product/platform.
This is so rarely present. And this is a broken philosophy. It takes
SOME time for a product to be hacked.. for us not to be allowed to look
at architectural information is silly. We have three things here:
Microsoft made "kiddie cryptographer mistakes" in the past, Microsoft
shows no evidence of a complete redesign and reimplementation, and folks
like Schneier point out that Microsoft just broke the exploit, not all of
the underlying problems. This would make me nervous about trusting PPTP
as my VPN solution, even if Script Kiddie Hacker A and Script Kiddie
Hacker B can't hack it.
> I really think some of you took the challenger's intentions out of
> context. Lighten up... ;-)
> kdl
>
> --
> Kelly D. Lucas / Netscape Communications
> Systems Test Engineer / OEM/Eng Dept.
> [EMAIL PROTECTED] / 650-937-3073
> "Any opinions that I state are my own, and not Netscapes"
I sure hope Netscape has a better security and test philosophy than
"Bang on it and see if anyone can hack it". Or maybe that could
explain why certain problems... nevermind.
Mike
--
Michael P. Lyle
Security Architect
Exodus Communications, Inc.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
