lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20031111165626.24491.qmail@mail.securityfocus.com> Date: Tue, 11 Nov 2003 11:13:07 -0600 From: "Alun Jones" <alun@...is.com> To: "'Goetz Babin-Ebell'" <babin-ebell@...stcenter.de>, <bugtraq@...urityfocus.com> Subject: RE: Six Step IE Remote Compromise Cache Attack > -----Original Message----- > From: Goetz Babin-Ebell [mailto:babin-ebell@...stcenter.de] > Sent: Monday, November 10, 2003 11:25 AM > > But wrongly rejecting good input has no security implications. > But wrongly accepting bad input has. Coding to satisfy only security implications, in a vacuum separated from the rest of the world, all the security bugs in the world can be fixed simply by removing all the features. Wrongly rejecting good input has a very strong implication - your program fails to do what it is tasked with. You can call that a security implication, in that security's task is not just to prevent access by the unwashed, but also to allow, provide and facilitate access to those that are approved. If all we are doing is trying to prevent unauthorised access, then all we have to do is turn off, unplug, and shred, our computers. There - security made easy. Alun. ~~~~ -- Texas Imperial Software | Find us at http://www.wftpd.com or email 1602 Harvest Moon Place | alun@...is.com. Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
Powered by blists - more mailing lists