Bugtraq mailing list archives
Re: Six Step IE Remote Compromise Cache Attack
From: Byron Sonne <blsonne () rogers com>
Date: Mon, 10 Nov 2003 15:44:40 -0500
But wrongly rejecting good input has no security implications. But wrongly accepting bad input has.
Are you sure about that? It's arguable that it's the outcome of the action that is more important than the content or value of the action itself (i.e. By action or admission of action allow an offence to be committed).
If I have backdoored a system, and I can have the system reject good input (i.e. the sysadmin issuing a command to remove the backdoor), then the system has continued to remain insecure as a result of rejecting good input.
That may be a contrived example, but this is a topic that bears being pedantic ;) so if a principle isn't true in all cases it isn't true at all.
-- For good, return good. For evil, return justice.
Current thread:
- Re: Six Step IE Remote Compromise Cache Attack, (continued)
- Re: Six Step IE Remote Compromise Cache Attack Seth Arnold (Nov 05)
- Re: Six Step IE Remote Compromise Cache Attack Jelmer (Nov 06)
- RE: Six Step IE Remote Compromise Cache Attack Thor Larholm (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Paul Szabo (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Drew Copley (Nov 06)
- Re: Six Step IE Remote Compromise Cache Attack http-equiv () excite com (Nov 06)
- Re: RE: Six Step IE Remote Compromise Cache Attack Steven M. Christey (Nov 06)
- Re: RE: Six Step IE Remote Compromise Cache Attack Paul Schmehl (Nov 06)
- RE: Six Step IE Remote Compromise Cache Attack Steven M. Christey (Nov 07)
- Re: Six Step IE Remote Compromise Cache Attack Goetz Babin-Ebell (Nov 10)
- Re: Six Step IE Remote Compromise Cache Attack Byron Sonne (Nov 10)
- RE: Six Step IE Remote Compromise Cache Attack Alun Jones (Nov 11)
- Re: Six Step IE Remote Compromise Cache Attack Goetz Babin-Ebell (Nov 10)
- Re: Six Step IE Remote Compromise Cache Attack Steven M. Christey (Nov 10)
- RE: Six Step IE Remote Compromise Cache Attack Michael Wojcik (Nov 11)
- Re: Six Step IE Remote Compromise Cache Attack Goetz Babin-Ebell (Nov 11)