Full Disclosure mailing list archives

Re: How T-Mobil's network was compromised
From: Willem Koenings <infsec () gmail com>
Date: Sat, 19 Feb 2005 16:12:29 +0200

On Fri, 18 Feb 2005 16:49:03 -0500, Valdis.Kletnieks () vt edu
<Valdis.Kletnieks () vt edu> wrote:
> On Fri, 18 Feb 2005 16:04:52 EST, bkfsec said:
>
>> Are you aware of any server software that has been so rigorously tested
>> that it has no flaws at all?
>>
>> That would be one hell of a find...
>
> "Testing can reveal the presence of flaws, but not their absence" -- E. Dijkstra

In my belief, this is not completely true. Let's say we are testing
a web application, as this thread already started from one. Let's say
I'm testing the application with regard to input sanitizing. Code analysis
is one type of testing. When I do code analysis and look at how user
input is handled, I have those results:

- user input is correctly sanitized and there is no flaw
- user input is not correctly sanitized and there is a flaw

So the above saying is not always completely true. But you can't use
testing to find something you don't know at this exact moment -
unknown flaws.

all the best,

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
