lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu Oct  6 16:33:09 2005
From: michealespinola at gmail.com (Micheal Espinola Jr)
Subject: Bigger burger roll needed

I do see how it all comes together, and I agree as a whole.  I'm
certainly not excusing MS of their responsibility to the matter.

My comments only referred to legitimate use of the OS, using
supporting software and drivers, in which case you should be able to
depend on proper coding from every party involved.  Running
software/drivers that were properly written for the OS should provide
a failure free platform, and it does.  That was my only point to
egregious comments to Windows being BSOD prone.  It could be a
balancing act at times, but it could be done if done right.

Yes, absolutely, any OS should be able to handle bad data without
crashing.  I think its apparent that MS is no longer ignorant (or
perhaps naive) about the issue, and I honestly can't remember the last
BSOD I got.  It's been years.


On 10/6/05, bkfsec <bkfsec@....lonestar.org> wrote:
> But, Curmudgeon's right... you can't just say "yeah, the OS can't handle
> malformed data, but that's not their problem."
>
> One of the primary rules of coding is never trust the input.  And that
> is a very valid point.  The same flaws in code that cause exploits also
> cause crashes by their very nature.  It's not "all over the place", it's
> a fact of system design.  If they can't avoid mishandling input, then
> people's expectations will be low.  See how it all comes together?

Powered by blists - more mailing lists