[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJB2JzvYeUUpTwQ3jZKf2LNWLzcCNq71AvSE32U6hVqZYmaauQ@mail.gmail.com>
Date: Wed, 21 May 2014 22:17:48 +0200
From: Mario Vilas <mvilas@...il.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: Re: [FD] Beginners error: Hewlett-Packards driver software executes
rogue binary C:\Program.exe
On Wed, May 21, 2014 at 8:21 PM, Reindl Harald <h.reindl@...lounge.net>wrote:
> 90 out of 100 security flaws in the past years where from the
> category "hy should i bother about this and that, it is unlikely"
>
Nobody said anything about it being "unlikely". What's being argued is that
if your bug requires ad-hoc conditions to be exploited then it's more than
likely not a security bug at all - in all the scenarios proposed here, the
ad-hoc conditions are the problem, and there would be infinite more ways of
"exploiting" them.
This way of reporting fake security problems is good for gaining publicity
real fast, but not for much else. It's just noise.
--
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists