On Tue, 15 Aug 2006 18:33:11 -0700 (PDT), Lemon Obrien wrote
> my
company...Tamago
any port to linux available?
>
> www.tamago.us
>
> today
we launch a private beta. Its live...and if you buy something...your credit
card will be processed. The wesite sucks...it will be changed tonight/tommorrow.
>
> you'll have to punch a hole in port 9000
probably...not much on there; we're putting oin stuff now.
>
> wanna help?
>
> i'm programming the 'billboard'
component...showning sales ranks and what's been newly uploaded.
>
> enjoy.
>
> Lemon Obrien
<[EMAIL PROTECTED]> wrote:
> openSSL follows the SSL protocol. The protocol allows for the dynamic
selection of various common algorythms....
>
> Linux and
BSD
both have security issues b/c their source is open.
> http://www.eweek.com/article2/0,1895,1612368,00.asp
>
> i know the story is old...its just to prove a point.
>
> Enzo Michelangeli <[EMAIL PROTECTED]>
wrote: Or OpenSSL and the whole of Linux and *BSD, for
that matter. Shall
> we stop using all of them, switching to Microsoft
products to get
> better security? ;-)
>
> Enzo
>
> ----- Original Message -----
> From: "David Barrett"
<[EMAIL PROTECTED]>
> Sent: Wednesday, August 16, 2006 7:18 AM
>
> > Isn't limewire open source?
> >
> > On Tue, 15
Aug 2006 4:17 pm, Lemon Obrien wrote:
> >> yeah...but with java you
can easily do it...find the encryption class you
> >> need...or get
access
to the data before encryption...just by creating an
> >> extension
of a known class and over-riding it's virtual method....its not
> >>
hard. I've done this plenty of times with professional products like
>
>> 'weblogic' commerce server...i wanted funtionality from a class
they
> >> provided. Of course when you do this; you busting the
warrenty...but who
> >> cares.
> >>
> >>
now, think of the desktop...then think of giving your program away to
get
> >> users; You know, to find out how limewire worked...i
decompiled it. i've
> >> even decompiled class wtihin the security
package provided by sun...to
> >> see what was going on...and maybe
to steal...shhh....don't tell anyone.
> >>
> >> oh
yeah...JXTA sucks...unless you're corporate and making something
>
>> totally irrelivant. Try going through a firewall with that
shit...last
> >> time i checked it was
a
no-go.
> >>
> >> don't get me wrong....java has its
place. I use it to do payment
> >> processing and email
stuff...writing small servers doing simple stuff.
> >>
>
>> its just, most people who do java can't do anything else...
>
>>
> >> Daniel Brookshier <[EMAIL PROTECTED]>wrote:
>
>>
> >>> Yikes! Decompile is hardly a security issue. We
obfuscate Java all the
> >>> time to prevent the random prying
eye, but C and all other languages are
> >>> just as easily
hacked. You can not hide references to libraries and such
> >>>
in either language. There is no such thing as code security, just
>
>>> obscurity.
> >>> Daniel Brookshier
>
>>>
> >>> office 972-422-5261
>
>>>
> >>> cell 214-207-6614
> >>>
>
>>> On Aug 15, 2006, at 3:29 PM, Lemon Obrien wrote:
>
>>>
> >>>> you've
never
decompiled java then...i have...especially if i wanted to
>
>>>> changed how something worked.
> >>>>
>
>>>> Mike Duigou
<[EMAIL PROTECTED]>wrote:
>
>>>>
> >>>>> Lemon Obrien wrote:
>
>>>>>> depends on the data you're transporting. I specificaly
stayed away
> >>>>>> from java cause it was easy to
crack...and the data transported, as
> >>>>>> well as
the protocols, are sensitive.
> >>>>>
>
>>>>> That's ridiculous. Strong crypto is strong crypto no matter
what
> >>>>> implementation language you use. The same
applies for good protocol
> >>>>> design--the quality of
the design matters far, far more than the
> >>>>> language
it is implemented in.
> >>>>>
>
>>>>>>> */Sashidhar Reddy Mukkamalla
/*
wrote:
> >>>>>>>
>
>>>>>>> Hi Group,
> >>>>>>> I am
trying to develop a p2p app. Can anyone point me some
>
>>>>>>> literature about security issues/concerns with p2p
applications in
> >>>>>>> particular and network
programs in general. Any pointers would be
> >>>>>>>
greatly helpful (both introductory and advanced)
>
>>>>>
> >>>>> Any time spent reading about
the fundamental algorithms, technologies
> >>>>> and
standards will be time well spent. It will be generally applicable
>
>>>>> no matter what type of application you are building or
environment you
> >>>>> are building it for.
>
>>>>>
> >>>>> Whenever I need a refresher on
any topic I usually start here:
> >>>>>
>
>>>>>
http://www.cs.auckland.ac.nz/~pgut001/tutorial/index.html
>
>>>>>
> >>>>> or
>
>>>>>
> >>>>>
http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/ospki-book.htm
>
>>>>>
> >>>>> and then branch off into
google searches from there. Some of the
> >>>>> specific
topics are very dated e.g. "Skipjack" but the issues always
>
>>>>> remain relevant.
> >>>>>
>
>>>>> Mike
> >>>>>
>
>>>>> _______________________________________________
>
>>>>> p2p-hackers mailing list
> >>>>>
[email protected]
> >>>>>
http://lists.zooko.com/mailman/listinfo/p2p-hackers
>
>>>>
> >>>> You don't get no juice unless you
squeeze
> >>>> Lemon Obrien, the Third.
>
>>>>
>
>>>>
_______________________________________________
>
>>>>
> >>>> p2p-hackers mailing list
>
>>>>
> >>>> [email protected]
>
>>>>
> >>>>
http://lists.zooko.com/mailman/listinfo/p2p-hackers
> >>>
>
>>> _______________________________________________
>
>>>
> >>> p2p-hackers mailing list
> >>>
[email protected]
> >>>
http://lists.zooko.com/mailman/listinfo/p2p-hackers
> >>
>
>> You don't get no juice unless you squeeze
> >> Lemon
Obrien, the Third._______________________________________________
> >
p2p-hackers mailing list
> > [email protected]
> >
http://lists.zooko.com/mailman/listinfo/p2p-hackers
> >
>
> _______________________________________________
> p2p-hackers
mailing
list
> [email protected]
>
http://lists.zooko.com/mailman/listinfo/p2p-hackers
>
>
> You don't get no juice unless you squeeze
>
Lemon Obrien, the Third._______________________________________________
>
p2p-hackers mailing list
> [email protected]
>
http://lists.zooko.com/mailman/listinfo/p2p-hackers
>
>
> You don't get no juice unless you squeeze
>
Lemon Obrien, the
Third.
--
QxRSSReader v1.2.6a released (30-06-2006)
PortScanner v1.2.2 ( 09-08-2006 )
http://www.gregerhaga.net/
There are no stupid questions, only stupid
answers.
|
