lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20031111165626.24491.qmail@mail.securityfocus.com>
Date: Tue, 11 Nov 2003 11:13:07 -0600
From: "Alun Jones" <alun@...is.com>
To: "'Goetz Babin-Ebell'" <babin-ebell@...stcenter.de>,
	<bugtraq@...urityfocus.com>
Subject: RE: Six Step IE Remote Compromise Cache Attack


> -----Original Message-----
> From: Goetz Babin-Ebell [mailto:babin-ebell@...stcenter.de] 
> Sent: Monday, November 10, 2003 11:25 AM
> 
> But wrongly rejecting good input has no security implications.
> But wrongly accepting bad input has.

Coding to satisfy only security implications, in a vacuum separated from the
rest of the world, all the security bugs in the world can be fixed simply by
removing all the features.

Wrongly rejecting good input has a very strong implication - your program
fails to do what it is tasked with.  You can call that a security
implication, in that security's task is not just to prevent access by the
unwashed, but also to allow, provide and facilitate access to those that are
approved.

If all we are doing is trying to prevent unauthorised access, then all we
have to do is turn off, unplug, and shred, our computers.  There - security
made easy.

Alun.
~~~~
-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@...is.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ