Bugtraq mailing list archives
RE: Six Step IE Remote Compromise Cache Attack
From: "Alun Jones" <alun () texis com>
Date: Tue, 11 Nov 2003 11:13:07 -0600
-----Original Message----- From: Goetz Babin-Ebell [mailto:babin-ebell () trustcenter de] Sent: Monday, November 10, 2003 11:25 AM But wrongly rejecting good input has no security implications. But wrongly accepting bad input has.
Coding to satisfy only security implications, in a vacuum separated from the rest of the world, all the security bugs in the world can be fixed simply by removing all the features. Wrongly rejecting good input has a very strong implication - your program fails to do what it is tasked with. You can call that a security implication, in that security's task is not just to prevent access by the unwashed, but also to allow, provide and facilitate access to those that are approved. If all we are doing is trying to prevent unauthorised access, then all we have to do is turn off, unplug, and shred, our computers. There - security made easy. Alun. ~~~~ -- Texas Imperial Software | Find us at http://www.wftpd.com or email 1602 Harvest Moon Place | alun () texis com. Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
Current thread:
- Re: Six Step IE Remote Compromise Cache Attack, (continued)
- Re: Six Step IE Remote Compromise Cache Attack Jelmer (Nov 06)
- RE: Six Step IE Remote Compromise Cache Attack Thor Larholm (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Paul Szabo (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Drew Copley (Nov 06)
- Re: Six Step IE Remote Compromise Cache Attack http-equiv () excite com (Nov 06)
- Re: RE: Six Step IE Remote Compromise Cache Attack Steven M. Christey (Nov 06)
- Re: RE: Six Step IE Remote Compromise Cache Attack Paul Schmehl (Nov 06)
- RE: Six Step IE Remote Compromise Cache Attack Steven M. Christey (Nov 07)
- Re: Six Step IE Remote Compromise Cache Attack Goetz Babin-Ebell (Nov 10)
- Re: Six Step IE Remote Compromise Cache Attack Byron Sonne (Nov 10)
- RE: Six Step IE Remote Compromise Cache Attack Alun Jones (Nov 11)
- Re: Six Step IE Remote Compromise Cache Attack Goetz Babin-Ebell (Nov 10)
- Re: Six Step IE Remote Compromise Cache Attack Steven M. Christey (Nov 10)
- RE: Six Step IE Remote Compromise Cache Attack Michael Wojcik (Nov 11)
- Re: Six Step IE Remote Compromise Cache Attack Goetz Babin-Ebell (Nov 11)