Full Disclosure mailing list archives

Re: Gates: 'You don't need perfect code' for good security

From: "Geoincidents" <geoincidents () getinfo org>
Date: Tue, 4 Nov 2003 06:03:40 -0500

But IMHO, that *is* the point.  If it's on the Internet, it's exposed .
. . And if a stored procedure is exposed, then the whole system is
exposed . . .


Nonsense, you read to many MS papers <g>. Lots of ISP's run SQL servers on
the internet for radius authentication, where the database and stored
procedures are not exposed. Just because MS describes something you don't
consider safe, you are assuming there isn't a safe way to do it?

If what you say is true, then all the MS databases where they store
registration information, windows update information, activation
information, they must all be exposed so how about posting exploits for them
so we can get MS to secure our data? Or are those on the net yet not
exposed?

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

udp port 2615, (continued)
- - - udp port 2615 Trond Kringstad (Nov 01)
  - RE: Gates: 'You don't need perfect code' for good security Cedric Blancher (Nov 01)
  - Re: Gates: 'You don't need perfect code' for good security William Warren (Nov 02)
    - Re: Gates: 'You don't need perfect code' for good security Matthew Murphy (Nov 02)
    - Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 02)
    - Re: Gates: 'You don't need perfect code' for good security Matthew Murphy (Nov 02)
    - Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 02)
    - Re: Gates: 'You don't need perfect code' for good security George Capehart (Nov 03)
    - Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 03)
    - Re: Gates: 'You don't need perfect code' for good security George Capehart (Nov 03)
    - Re: Gates: 'You don't need perfect code' for good security Geoincidents (Nov 04)
    - Re: Gates: 'You don't need perfect code' for good security Valdis . Kletnieks (Nov 04)
    - Re: Gates: 'You don't need perfect code' for good security Dave Howe (Nov 04)
    - Re: Gates: 'You don't need perfect code' for good security George Capehart (Nov 04)
    - Re: Gates: 'You don't need perfect code' for good security Nick FitzGerald (Nov 02)
    - Re: Gates: 'You don't need perfect code' for good security Valdis . Kletnieks (Nov 02)
    - Re: Gates: 'You don't need perfect code' for good security Frank Knobbe (Nov 02)
    - Re: Gates: 'You don't need perfect code' forgood security Lan Guy (Nov 03)
    - Re: Gates: 'You don't need perfect code' for good security Nick FitzGerald (Nov 02)
    - Re: Gates: 'You don't need perfect code' for good security Darren Reed (Nov 02)
    - Re: Gates: 'You don't need perfect code' for good security Cedric Blancher (Nov 02)

(Thread continues...)