At 2:48 PM -0500 11/11/04, Paco Hope wrote:
>On 11/11/04 11:46 AM, "ljknews" <[EMAIL PROTECTED]> wrote:
>> As a software developer, I care about such issues, but the compilations
>> you list are largely not applicable to the operating system and programming
>> languages with which I work.
>
>Advisories, problems, and failures do not have to involve your platform or
>language to be instructive. In fact, in this age of productization and
>commoditization of technology, many of the differences are superficial.

I am still looking for a forum that omits those problems due to choice
of C and related programming languages that use null terminated strings.
I know that is a bad idea, and I don't do it. I am still looking for
a forum that omits problems propagated over IP and related protocols.
I don't do that either.

>Sure, the stock exploits won't apply, or maybe the concepts need some
>translation, but there is absolutely a good reason to be aware of the
>failures in other software. The same marketing that makes us think
>FooBarSystems Gronkulator 4.2 is much better than Gronkulator 4.1 makes us
>think that security issues written up on Gronkulator 4.x have nothing to do
>with other versions of Gronkulator, or Linux for that matter. There are a
>surprisingly small number of tools in hackers' toolboxes, yet they all seem
>to fit lots and lots of software.

I have yet to see a standard "tool" (as distinguished from social
engineering technique) from elsewhere that fits VMS.

>Should you join every single mailing list in the world and read every single
>post? No. Should you only join the security-[platform]-[language] email list
>for the one thing you program? Also no. Somewhere between the extremes of
>"read everything you can" and working with blinders on is the "right" place
>where you read "stuff that I'm not working on, but informs me." It's not
>always an easy place to find. But I reject categorical statements like the
>one above that appear to say "if it ain't specific to my platform, it has no
>value to me."

No, I am saying "the typical forum is so full of irrelevant material
that it is a waste of my time that should be spent elsewhere".

--
Larry Kilgallen