[p2p-hackers] OmilyX: Secure VoIP
Alex Pankratov
ap at hamachi.cc
Fri Feb 24 00:42:01 UTC 2006
coderman wrote:
> On 2/23/06, Alex Pankratov <ap at hamachi.cc> wrote:
>
>>...
>>I would however feel more confident in their binaries if I can
>>verify that they adhere to the protocol spec.
>
> glad to know such verification is trivial with binary products. (i'd
> love to know how you trigger every possible error/boundary/edge
> condition that may lead to remote exploitation or unintentional
> disclosure in such protocols.)
You are quoting out of context. Nowhere did I say it was a
trivial task, nor was it the primary point.
>>See my point ?
>
> yes. you possess skills far beyond most. now if only i could take
> your word for it when you tell me $app follows spec precisely under
> all conditions with no exceptions...
We are talking about different things, it seems. The binary
might be buggy or it might be bugged. To me the former is
bad, but the latter is far worse. Having the source at hand does
nothing to establish trust in a binary.
> [i don't mean to be so flippant, but really, you have a steep hill to
> climb when proclaiming some closed source networked application a
> piece of "security software" with no evidence of the process or
> internals that comprise it]
Would the Cisco IPsec client or SSH SecureCRT qualify as 'some
closed source networked application'?