Full Disclosure mailing list archives
Re: Is the FBI using email Web bugs?
From: "Jonathan A. Zdziarski" <jonathan () nuclearelephant com>
Date: Fri, 09 Jan 2004 11:07:28 -0500
Feature++ = bloat = bugs++. In the interest of fairness, this is shown on the mutt.org bugs page too. Mutt has many features, and lots of bugs.
If you believe security to be lack of bugs, then to you lack of features == security; however, this is an incorrect statement IMHO. To me, however, the term security is an active term (not a passive one) meaning it isn't related to the complexity of the software, but the pro-activity of the programmer to implement secure programming; as complexity rises, security doesn't necessarily need to rise with it. Lack of bugs certainly makes it more difficult to exploit some holes, but that doesn't mean it has any security. A secure program makes a differentiation between trusted inputs and untrusted inputs, performs several pro-active sanity checks to ensure that data is valid - and it is not about to perform a function it isn't supposed to, and provides necessary warnings and such when it is uncertain. This is a far cry from having a program that is written without any regard for security but doesn't happen to have any known bugs.