Full Disclosure mailing list archives
Re: Vulnerability in reCAPTCHA for Drupal
From: Charles Morris <cmorris () cs odu edu>
Date: Fri, 18 Feb 2011 13:40:47 -0500
It is my personal belief that all vulnerabilities should be patched regardless of existence of a known attack vector or exploit.Let me fix that for you: All vulnerabilities should be evaluated as to whether patching them makes sense. If it's a one-liner fix for a stupid logic error, yes it probably should be patched whether or not there's a known exploit.
...
So yes, evaluation is needed. But patching it may not make any realistic sense, depending on the nature of the issue and who is potentially affected.
I agree Valdis, and I personally used shatter when it was popularized.. resulting in tons of fun here at the university with my colleagues. However, I'm simply stating a belief in a more abstract sense, I agree beliefs are not always realistic, but personally I /do/ make that guarantee whenever I write a piece of code. I am very aware I must compromise this belief when working in the market, like most of my other beliefs and morals, and I do so daily. Then I go home and cry myself to sleep. Charles _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Vulnerability in reCAPTCHA for Drupal MustLive (Feb 17)
- Re: Vulnerability in reCAPTCHA for Drupal Zach C. (Feb 17)
- Re: Vulnerability in reCAPTCHA for Drupal Eyeballing Weev (Feb 17)
- Re: Vulnerability in reCAPTCHA for Drupal Zach C. (Feb 17)
- Re: Vulnerability in reCAPTCHA for Drupal Michele Orru (Feb 17)
- Re: Vulnerability in reCAPTCHA for Drupal Valdis . Kletnieks (Feb 17)
- Re: Vulnerability in reCAPTCHA for Drupal Charles Morris (Feb 18)
- Message not available
- Message not available
- Re: Vulnerability in reCAPTCHA for Drupal Conor (Feb 18)
- Re: Vulnerability in reCAPTCHA for Drupal Zach C. (Feb 18)
- Re: Vulnerability in reCAPTCHA for Drupal Eyeballing Weev (Feb 17)
- Re: Vulnerability in reCAPTCHA for Drupal Zach C. (Feb 17)
- Re: Vulnerability in reCAPTCHA for Drupal Valdis . Kletnieks (Feb 18)
- Re: Vulnerability in reCAPTCHA for Drupal Charles Morris (Feb 18)
- Re: Vulnerability in reCAPTCHA for Drupal Ulisses Montenegro (Feb 19)