From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_0238_01C2E1A8.5E136580
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   LOL!  You both are amazing.

   This is a great example of how having source available provides =
absolutely no assurance that someone will have found the serious = security
problems.  It's not like this is the first demonstration of = this nor will
it be the last.

   It is also a great example of how bugs are not fixed as quickly as =
some people claim.  Maybe Mike is using the same measure of time he used =
to claim that Opera 7.0 security flaws that took 2-1/2 months to fix = only
took 2 days.  This one took 7 weeks (see =
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=3D21950).

Rich

  "Mike '/m'"  wrote in message =
news:jhs76v4e7p85cup1lpqvjt2a8ucjusksul{at}4ax.com...
  On Mon, 03 Mar 2003 18:02:04 -0600, "Joe Barr" =

  wrote:
  >
  >Amazing, isn't it?  That vulnerability has been in the code for 15 =
years
  >and as far as anyone knows, it has never been exploited.  And now =
it's
  >fixed.  The open source business really works. =20


  Fixed very quickly, but how quickly will the servers be patched?   =
We'll
  find out in about a year or so....

    /m
------=_NextPart_000_0238_01C2E1A8.5E136580
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








  
LOL!  You both are=20
amazing.
 
   This is a
great example of =
how having=20
source available provides absolutely no assurance that someone will have = found=20
the serious security problems.  It's not like this is the first=20
demonstration of this nor will it be the last.
 
   It is
also a great example =
of how bugs=20
are not fixed as quickly as some people claim.  Maybe Mike is using = the=20
same measure of time he used to claim that Opera 7.0 security flaws that = took=20
2-1/2 months to fix only took 2 days.  This one took 7 weeks (see =
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=3D21=
950">http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=3D21950=
).
 
Rich
 

  "Mike '/m'" <mike{at}barkto.com>=20">mailto:mike{at}barkto.com">mike{at}barkto.com>=20
  wrote in message news:jhs76v4e7p8=
5cup1lpqvjt2a8ucjusksul{at}4ax.com...On=20
  Mon, 03 Mar 2003 18:02:04 -0600, "Joe Barr" <warthawg{at}austin.rr.com>=">mailto:warthawg{at}austin.rr.com">warthawg{at}austin.rr.com>=
wrote:>>Amazing,=20
  isn't it?  That vulnerability has been in the code for 15=20
  years>and as far as anyone knows, it has never been =
exploited. =20
  And now it's>fixed.  The open source business really =
works. =20
  Fixed very quickly, but how quickly will
the servers be=20
  patched?   We'llfind out in about a year or =
so.... =20
  /m

------=_NextPart_000_0238_01C2E1A8.5E136580--

--- BBBS/NT v4.01 Flag-4