<<< Date Index >>>     <<< Thread Index >>>

RE: Followup: vuln in WinBlox monitor for winnt



 

> -----Original Message-----
> From: Oliver Lavery [mailto:oliver.lavery@xxxxxxxxxxxx] 
> Sent: Tuesday, March 30, 2004 1:11 PM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Followup: vuln in WinBlox monitor for winnt

<snip>
> 
>       That's it. No pissing competition. Liu's onto something 
> very good
> here, but as anyone who installs MS patches will tell ya, 
> you've got to see
> the full implications of a fix before you choose to apply it. 
> Until this
> thing gets rewritten properly, and follows even the most 
> basic principals of
> secure coding, it'll cause more problems than it fixes, in my opinion.
> 
>       I firmly believe that these sorts of tricks have tonnes 
> of potential
> and are going to become even more common in the future of the 
> "so called
> security community" tho' ;)

<snip>

Honestly, most [95%+-] "beta" or "alpha" programs do "cause more
problems then they fix". 

Liu Die Yu is relatively new at development, but he is relatively new at
finding bugs -- and he has succeeded substantially at that. I do not
doubt that he will succeed substantially at this. 

And, all of this is yet another great reason to immediately put code
opensource at an excellent hosting spot like sourceforge... even from
the design phase, but especially from the alpha release stage.

Then you have the ability to have others to help out... and you have
such neat, modern resources such as bug databases and submission forms. 

I do not think Liu Die Yu will take half a year or more to fix his bugs.