<<< Date Index >>>     <<< Thread Index >>>

Re: Re: Solaris telnet vulnberability - how many on your network?



On Tue, 13 Feb 2007, Gadi Evron wrote:

>> We all agree it is not a very likely possibility, but I wouldn't rule it
>> out completely just yet until more information from Sun becomes
>> available.

>What more information do you need? You have an >advisory, access to the
>source code, access to the change that resolved >the problem and
>patient conversations with a very patient Casper >Dik.

>The onus is on you to demonstrate how this could >be a backdoor.
>Otherwise you are asking Sun to prove a negative.

>IMO fixing security bugs at short notice is >painful enough without
>people like yourself and Steve Gibson casting >assertions of malice.

The price of freedom is eternal vigilance.

Assertions of malice are a good thing. Keeps people on their toes and thinking 
about it.

There have also been too many times in the past when they have been proven 
correct to ignore the possibility any longer.

TheFinn.