Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How T-Mobil's network was compromised

From: Willem Koenings <infsec () gmail com>
Date: Sun, 20 Feb 2005 01:09:29 +0200
On Sat, 19 Feb 2005 10:14:31 -0600, Frank Knobbe <frank () knobbe us> wrote:

On Sat, 2005-02-19 at 16:12 +0200, Willem Koenings wrote:

- user input is correctly sanitized and there is no flaw
- use input is not correctly sanitized and there is a flaw


I've seen cases where user input is correctly sanitized, but there was a
flaw.


Can you please bring an example?

 

So above saying is not always completly true. But you can't use
testing to find something you don't know at this exact moment -
unknown flaws.


Well, that's exactly the point of the quote :)


The original quote isn't uniquely understandable:

"Testing can reveal the presence of flaws, but not their absence" 

1. testing doesn't reveal absence of known flaw
2. testing doesn't reveal absence of all known flaws
3. testing doesn't reveal absence of unknown flaw
4. testing doesn't reveal absence of all unknown flaws
...

all the best,

W.

ps. no multiple mail please. either list or private, but not both.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: