[p2p-hackers] OmilyX: Secure VoIP

[coderman]

On 2/23/06, Alex Pankratov <ap at hamachi.cc> wrote:
> ...
> I would however feel more confident in their binaries if I can
> verify that they adhere to the protocol spec.

glad to know such verification is trivial with binary products.  (i'd
love to know how you trigger every possible error/boundary/edge
condition that may lead to remote exploitation or unintentional
disclosure in such protocols.)


> See my point ?

yes.  you possess skills far beyond most.  now if only i could take
your word for it when you tell me $app follows spec precisely under
all conditions with no exceptions...

[i don't mean to be so flippant, but really, you have a steep hill to
climb when proclaiming some closed source networked application a
piece of "security software" with no evidence of the process or
internals that comprise it]

see https://buildsecurityin.us-cert.gov/portal/ for one example of the
requisite best practices for "secure software", whether closed or open
source.