mailing list archives
Re: Six Step IE Remote Compromise Cache Attack
From: Byron Sonne <blsonne () rogers com>
Date: Mon, 10 Nov 2003 15:44:40 -0500
But wrongly rejecting good input has no security implications.
But wrongly accepting bad input has.
Are you sure about that? It's arguable that it's the outcome of the
action that is more important than the content or value of the action
itself (i.e. By action or admission of action allow an offence to be
If I have backdoored a system, and I can have the system reject good
input (i.e. the sysadmin issuing a command to remove the backdoor), then
the system has continued to remain insecure as a result of rejecting
That may be a contrived example, but this is a topic that bears being
pedantic ;) so if a principle isn't true in all cases it isn't true at all.
For good, return good. For evil, return justice.
- Re: Six Step IE Remote Compromise Cache Attack, (continued)