|
Full Disclosure
mailing list archives
Re: How T-Mobil's network was compromised
From: Frank Knobbe <frank () knobbe us>
Date: Sat, 19 Feb 2005 10:14:31 -0600
On Sat, 2005-02-19 at 16:12 +0200, Willem Koenings wrote:
- user input is correctly sanitized and there is no flaw
- use input is not correctly sanitized and there is a flaw
I've seen cases where user input is correctly sanitized, but there was a
flaw.
If you tested your whole parameter set and don't find a flaw, it doesn't
mean that none exists. There could be a flaw that you haven't found with
your set of tests. That's what the quote is eluding to. You can say for
sure that there is a flaw, but you can not say for sure that there is
not one. You can't test for the absence.
So above saying is not always completly true. But you can't use
testing to find something you don't know at this exact moment -
unknown flaws.
Well, that's exactly the point of the quote :)
Cheers,
Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
- Re: How T-Mobil's network was compromised, (continued)
| 
Intro
