Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Mem

from [Pim van Riezen] Network Security [Permanent Link]
Subject: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
Date: Sat, 25 Mar 2006 09:12:19 +0100 

On Mar 24, 2006, at 11:17 PM, Theo de Raadt wrote:

I did not decide that OpenSSH should become a critical part of the
internet, or that it should become a virtual monopoly. We made it
free. Again, the community decided to make it Internet infrastructure.

Now you want to tell us that because the Internet community made
decisions like these, that we should be held responsible.  That we
have to follow YOUR procedures.  That we have to answer to YOU.

What if we ignore your procedures?  What if we say no?  What will you
do then?  Continue to verbally attack us?  To what end?  To show that
you are thankless dogs?


Mr. De Raadt,

Perhaps you had no intention for your software to have such an influence over the internet. You did not create it in a vacuum either, on dangerous ground as I may be in second guessing people's motivations, I cannot imagine a developer releasing a quality piece of software, not hoping for it to be used by a large group of people. When you rise to such a position of influence, there comes the inevitable fact that many people will have opinions on how you use this influence, especially where it affects their daily lives. Getting upset about this is as pointless as it is for a rockstar to complain about the paparazzi.

It is true that a developers of a free product, even if their product rose to the level of popularity that it can be considered critical infrastructure, have no formal obligations towards their userbase at all. It would be silly to claim, however, that they are not responsible for the effects their decisions have on a larger community. People of character like yourself understand this responsibility. Where people's decisions have such tremendous impact, declaring outside criticism invalid counters that.

This is not to say that I don't feel empathy for your despair in the face of thousands of people that are probably overloading you with 'helpful suggestions' for your projects, but I think it is best to utter such frustrations in the privacy of one's home and let the people make their noise. Who knows, sometimes interesting sound rises up from such noise.

Kind Regards,
Pim van Riezen

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  XSS & SQL Injection in Music Box v2.3, xx_hack_xx_2004
Next by Date:  Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Kurt Seifried
Previous by Thread:  Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Geo.
Next by Thread:  Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow), Florian Weimer
Indexes:  [Date] [Thread] [Top] [All Lists]