Re: US Election Assistance Commission--Questions

From: james_in_denver <james_in_denver_at_hotpop_dot_com>
Date: Fri May 07 2004 - 17:58:24 CDT

Alan,

I just spent several hours researching MS-Windows v Linux security,

As far as I can see there have been two successful attacks on Linux
machines. Both cases involved a Trojan Horse attack AFTER gaining access
to the systems by attaining the super-user passwords. These are truly
not Viral attacks, just some lucky guesswork or a disgruntled employee.

Today, Microsoft announced fixes for at least 20 Windows fixes.

quoting press release url below:

"Microsoft released on Tuesday fixes that cover at least 20 Windows
flaws, several of which could make versions of the operating system
vulnerable to new worms or viruses. At least six of the flaws could make
the OS susceptible to programs similar to the MSBlast worm and its
variants, which have infected more than 8 million computers since last
August."

(see
http://www.securitynewsportal.com/cgi-bin/cgi-script/csNews/csNews.cgi?database=JanEE%2edb&command=viewone&id=9&op=t

James

On Fri, 2004-05-07 at 16:54, charlie strauss wrote:
> comment: When comparing open source with closed source bug fix records it's important to distinguish critical bugs from the rest. While all "issues" are called "bugs" in open source world--and go into bug-traq. Even things like performance issues are listed in "bug" reports. minor "issues" like that dont get reported at all in proprietary software. there is no "bug traq". So the counts are only patch releases.
>
>
> -----Original Message-----
> From: Alan Dechert <alan@openvotingconsortium.org>
> Sent: May 7, 2004 2:42 PM
> To: voting-project@lists.sonic.net
> Subject: Re: [voting-project] US Election Assistance Commission--Questions
>
> I think Doug wrote something on that to them. I phoned Whitener the day
> before the hearings. We need to work up a written response to any open
> source issues that came up at the hearing.
>
> I'm looking for an article that compares open source products (like
> Apache) with commercial closed-source products in terms of security,
> reliability etc.
>
> Doug told me about a Wisconsin study of commercial Unix v. open source
> workalikes.
>
> Alan D.
>
> >
> > [commissioner, I didn't get his name]
> >
> > Would Open Source work better?
> >
> > "If you find a bug in Linux, you are responsible for fixing it."
> > !!!
> >
> > "Nobody here has anything to hide." !!!
> >
> >
> > DeSoaries asks what happens with Open Source. Can anybody make
> > changes and then run the result in an election? Would Open
> > Source be certified? Would changes need to be certified?
> >
>

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon May 31 23:17:24 2004

This archive was generated by hypermail 2.1.8 : Mon May 31 2004 - 23:18:16 CDT