[WEB4LIB] Re: Fortres Hack on the Horizon??

Charles F. Bearden cbearden at ruf.rice.edu
Wed Jun 23 10:59:04 EDT 1999


On Tue, 22 Jun 1999, sean dreilinger wrote:

> Isabel Danforth wrote:
> > There is an email address given for st0rmer.  it is one of the free email
> > providers, and I already have sent them an email informing them that this
> > person is involved in cracking security software.
> 
> either that, or they're just contributing to the software development
> cycle by demonstrating potential exploits in package xyz (here, fortres)
> and putting an external pressure on the fortres company to secure product
> weaknesses promptly-- instead of letting holes linger, obscure but open,
> for the truly malicious to come and take advantage of your fortres
> installation.

Or they're doing both--cracking *and* inadvertently contributing to 
the software development cycle.  

I'm inclined to agree with sean that those who publicly expose the 
vulnerabilities of systems and software do more good than harm on 
balance.  Better that developers and system administrators should 
know what's out there than that this knowledge should remain the 
exclusive province of the '3l33t3'.

Chuck
======================================================================
 Chuck Bearden     Electronic Resources Librarian     Rice University
 cbearden at rice.edu        713.527.8101x3634        713.737.5859 (fax)
======================================================================



More information about the Web4lib mailing list