Re: [CM] Falkvinge: MtGox had custom SSHD written in PHP [message #185207 is a reply to message #185206]
Tue, 11 March 2014 21:08
john[1]
RS Wood wrote:
> From the «That oughta work» department:
> Title: Security At MtGox Much Worse Than Originally Imagined
> Author: Rick Falkvinge
> Date: Mon, 10 Mar 2014 20:06:30 -0400
> Link:
> http://feeds.falkvinge.net/~r/Falkvinge-on-Infopolicy/~3/DNADqqiDLrY/
>>>
> The article in question[5] (gone from the server, but saved by the
> Internet Archive) was about how Karpeles had decided to write his own
> security mechanisms for remote access to his core servers. This goes
> against every grain, every practice, every professionalism of good
> security that exists. Security is hard and needs thousands of eyes to find
> the small but important bugs – just last week, a bug in Apple’s iOS was
> discovered where an attacker could have impersonated any target. And that
> was from Apple.
>
> Any person who calls themselves a professional in the IT field will end
> the conversation with anybody, no matter what title, who boasts that they
> have created their own security. You just don’t do it. It’s beyond
> reckless. It’s practically a guarantee that you will get broken into
> tracelessly.
>
Ok, I always prefer open source software myself, but there is a lot of
attitude there. So I'll be a contradictory smart-ass for the sake of
discussion.. :)
As he says, not even Apple (or Tor, or ssl/ssh, or boost, or Linux kernel)
can do it. Show me any major piece of software that has been massively
reviewed, that has had no major security flaws/exploits. And that will not
continue to have exploits.
Theory is nice, but show me real world statistics, open source vs.
proprietary.