| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Dec 2010 14:32:22 +0100 (CET) From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz> To: full-disclosure@...ts.grok.org.uk Subject: Re: adobe.com important subdomain SQL injection again! On Mon, 20 Dec 2010, Marsh Ray wrote: > OK, so if sandboxing works, then why not just let devs build x86/x64 > code in the first place? In the same category as Native Client or ActiveX. And get rid of the only good feature (or perhaps one of the few good features) of Flash (its ability to present the same content on various OSes and CPU architectures)? > Remember chapter 1 of the textbook when it said "The first rule of > security is never try to retrofit security, _ever_!!" and underlined it > three times? I guess there must be a complementary rule in chapter 1 of software project management textbooks reading "Do not ever take security into consideration when the system is being developed. Security is supposed to be an afterthought (and additional expense for the customer)! Always!" In bright red blinking (*) 48pt letters. :( (*) An amazing feat in a printed book but the wonders of modern technology will make it possible soon. -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21st century edition / _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists