Full Disclosure mailing list archives
Re: Another Low Blow From Microsoft: MBSA Failure!
From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Wed, 11 Feb 2004 11:58:10 -0500
Valdis.Kletnieks () vt edu wrote:
Yes, excellent point. Phrased somewhat differently, software testing only detects the presence of a problem, not the absence of one. I believe that that subtle but oh-so-important point isRemember - if the exploit works, you have a problem. Failure of the exploit to work does NOT mean you don't have a problem - somebody with a different version that has a critical offset set to 4 more or less may make swiss cheese of your network.
not understood far too often. Cheers, Ken van Wyk -- KRvW Associates, LLC CERT® Certified Computer Security Incident Handler http://www.KRvW.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Another Low Blow From Microsoft: MBSA Failure! Drew Copley (Feb 10)
- <Possible follow-ups>
- RE: Another Low Blow From Microsoft: MBSA Failure! Eric McCarty (Feb 10)
- RE: Another Low Blow From Microsoft: MBSA Failure! Drew Copley (Feb 10)
- Re: Another Low Blow From Microsoft: MBSA Failure! kevin hinze (Feb 11)
- Another Low Blow From Microsoft: MBSA Failure! dotsecure (Feb 10)
- Re: Another Low Blow From Microsoft: MBSA Failure! Byron Copeland (Feb 10)
- Re: Another Low Blow From Microsoft: MBSA Failure! morning_wood (Feb 10)
- Re: Another Low Blow From Microsoft: MBSA Failure! Valdis . Kletnieks (Feb 11)
- Re: Another Low Blow From Microsoft: MBSA Failure! Kenneth R. van Wyk (Feb 11)
- Re: Another Low Blow From Microsoft: MBSA Failure! morning_wood (Feb 11)
- RE: Another Low Blow From Microsoft: MBSA Failure! Evans, Arian (Feb 12)