Message-ID: <Pine.LNX.4.63.0510042235070.13056@forced.attrition.org>
Date: Wed Oct 5 03:43:24 2005
From: jericho at attrition.org (security curmudgeon)
Subject: Bigger burger roll needed
: You know, I wouldn't mind it IF the conversation was properly
: [re]directed in context. In fact it often leads to many fascinating
: discussions. But other times it feels like some people that are
: contributing are schizophrenic.
Seems like the people that didn't catch that "leap" don't quite grok the
security industry at all.
: Why if someone doesn't like or agree with a particular answer or topic
: it's OK to respond with something completely different without any
: qualification is really bizarre - especially from a technical community.
Microsoft / Windows / BSODs
no, wrong / 3rd Parties / BSODs
This led to a comment of "blame the 3rd party for providing malformed
input, not microsoft/windows!"
At this point, two of us reply "blame hackers for malformed input",
referring to the numerous input manipulation vulnerabilities (XSS, SQL
Injection, Format String, Overflow, et al), as it is a fairly direct
comparison to those who blame hackers for shoddy programming. By the logic
of that quote, we should blame hackers for *vulnerabilities* in code, not
just exploiting them. To lay blame on the person providing malformed input
is silly, be it a hacker or 3rd party device driver author. It all boils
down to coding that can't handle unexpected input, which is a utopian
attitude in a world that is anything but.