Full Disclosure mailing list archives
Re: How T-Mobil's network was compromised
From: Frank Knobbe <frank () knobbe us>
Date: Sat, 19 Feb 2005 10:14:31 -0600
On Sat, 2005-02-19 at 16:12 +0200, Willem Koenings wrote:
- user input is correctly sanitized and there is no flaw - use input is not correctly sanitized and there is a flaw
I've seen cases where user input is correctly sanitized, but there was a flaw. If you tested your whole parameter set and don't find a flaw, it doesn't mean that none exists. There could be a flaw that you haven't found with your set of tests. That's what the quote is eluding to. You can say for sure that there is a flaw, but you can not say for sure that there is not one. You can't test for the absence.
So above saying is not always completly true. But you can't use testing to find something you don't know at this exact moment - unknown flaws.
Well, that's exactly the point of the quote :) Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- How T-Mobil's network was compromised gf gf (Feb 17)
- Re: How T-Mobil's network was compromised Dave Ockwell-Jenner (Feb 17)
- Re: How T-Mobil's network was compromised Andrew Smith (Feb 17)
- Re: How T-Mobil's network was compromised Ill will (Feb 17)
- Re: How T-Mobil's network was compromised bkfsec (Feb 19)
- Re: How T-Mobil's network was compromised Valdis . Kletnieks (Feb 19)
- Re: How T-Mobil's network was compromised Willem Koenings (Feb 19)
- Re: How T-Mobil's network was compromised Frank Knobbe (Feb 19)
- Re: How T-Mobil's network was compromised Willem Koenings (Feb 19)
- Re: How T-Mobil's network was compromised Valdis . Kletnieks (Feb 19)
- Re: How T-Mobil's network was compromised Frank Knobbe (Feb 20)
- Re: How T-Mobil's network was compromised Willem Koenings (Feb 20)
- Re: How T-Mobil's network was compromised Frank Knobbe (Feb 20)
- RE: How T-Mobil's network was compromised Allan (Feb 20)
- Re: How T-Mobil's network was compromised Dave Ockwell-Jenner (Feb 17)