Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: How T-Mobil's network was compromised
From: Frank Knobbe <frank () knobbe us>
Date: Sat, 19 Feb 2005 10:14:31 -0600

On Sat, 2005-02-19 at 16:12 +0200, Willem Koenings wrote:
- user input is correctly sanitized and there is no flaw
- use input is not correctly sanitized and there is a flaw

I've seen cases where user input is correctly sanitized, but there was a
flaw.

If you tested your whole parameter set and don't find a flaw, it doesn't
mean that none exists. There could be a flaw that you haven't found with
your set of tests. That's what the quote is eluding to. You can say for
sure that there is a flaw, but you can not say for sure that there is
not one. You can't test for the absence.

So above saying is not always completly true. But you can't use
testing to find something you don't know at this exact moment -
unknown flaws.

Well, that's exactly the point of the quote :)


Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]