| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: frank at knobbe.us (Frank Knobbe) Subject: How T-Mobil's network was compromised On Sat, 2005-02-19 at 16:12 +0200, Willem Koenings wrote: > - user input is correctly sanitized and there is no flaw > - use input is not correctly sanitized and there is a flaw I've seen cases where user input is correctly sanitized, but there was a flaw. If you tested your whole parameter set and don't find a flaw, it doesn't mean that none exists. There could be a flaw that you haven't found with your set of tests. That's what the quote is eluding to. You can say for sure that there is a flaw, but you can not say for sure that there is not one. You can't test for the absence. > So above saying is not always completly true. But you can't use > testing to find something you don't know at this exact moment - > unknown flaws. Well, that's exactly the point of the quote :) Cheers, Frank -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050219/c19e87d1/attachment.bin
Powered by blists - more mailing lists