Full Disclosure mailing list archives

Re: Another Low Blow From Microsoft: MBSA Failure!

From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Wed, 11 Feb 2004 11:58:10 -0500

Valdis.Kletnieks () vt edu wrote:

Remember - if the exploit works, you have a problem.  Failure of the
exploit to work does NOT mean you don't have a problem - somebody with
a different version that has a critical offset set to 4 more or less
may make swiss cheese of your network.

Yes, excellent point. Phrased somewhat differently, software testingonly detects the presenceof a problem, not the absence of one. I believe that that subtle butoh-so-important point is

not understood far too often.

Cheers,

Ken van Wyk
--
KRvW Associates, LLC
CERT® Certified Computer Security Incident Handler
http://www.KRvW.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Another Low Blow From Microsoft: MBSA Failure! Drew Copley (Feb 10)
- <Possible follow-ups>
- RE: Another Low Blow From Microsoft: MBSA Failure! Eric McCarty (Feb 10)
- RE: Another Low Blow From Microsoft: MBSA Failure! Drew Copley (Feb 10)
  - Re: Another Low Blow From Microsoft: MBSA Failure! kevin hinze (Feb 11)
- Another Low Blow From Microsoft: MBSA Failure! dotsecure (Feb 10)
  - Re: Another Low Blow From Microsoft: MBSA Failure! Byron Copeland (Feb 10)
  - Re: Another Low Blow From Microsoft: MBSA Failure! morning_wood (Feb 10)
    - Re: Another Low Blow From Microsoft: MBSA Failure! Valdis . Kletnieks (Feb 11)
    - Re: Another Low Blow From Microsoft: MBSA Failure! Kenneth R. van Wyk (Feb 11)
    - Re: Another Low Blow From Microsoft: MBSA Failure! morning_wood (Feb 11)
- RE: Another Low Blow From Microsoft: MBSA Failure! Evans, Arian (Feb 12)