From: infsec at gmail.com (Willem Koenings)
Subject: How T-Mobil's network was compromised

On Sat, 19 Feb 2005 10:14:31 -0600, Frank Knobbe <frank@...bbe.us> wrote:
> On Sat, 2005-02-19 at 16:12 +0200, Willem Koenings wrote:
> > - user input is correctly sanitized and there is no flaw
> > - user input is not correctly sanitized and there is a flaw
> 
> I've seen cases where user input is correctly sanitized, but there was a
> flaw.

Can you please bring an example?

 
> > So above saying is not always completely true. But you can't use
> > testing to find something you don't know at this exact moment -
> > unknown flaws.
> 
> Well, that's exactly the point of the quote :)

The original quote isn't uniquely understandable:

"Testing can reveal the presence of flaws, but not their absence" 

1. testing doesn't reveal the absence of a known flaw
2. testing doesn't reveal the absence of all known flaws
3. testing doesn't reveal the absence of an unknown flaw
4. testing doesn't reveal the absence of all unknown flaws
...

all the best,

W.

ps. no multiple mail please. either list or private, but not both.
