Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: How T-Mobil's network was compromised
From: Willem Koenings <infsec () gmail com>
Date: Sun, 20 Feb 2005 01:09:29 +0200

On Sat, 19 Feb 2005 10:14:31 -0600, Frank Knobbe <frank () knobbe us> wrote:
On Sat, 2005-02-19 at 16:12 +0200, Willem Koenings wrote:
- user input is correctly sanitized and there is no flaw
- use input is not correctly sanitized and there is a flaw

I've seen cases where user input is correctly sanitized, but there was a
flaw.

Can you please bring an example?

 
So above saying is not always completly true. But you can't use
testing to find something you don't know at this exact moment -
unknown flaws.

Well, that's exactly the point of the quote :)

The original quote isn't uniquely understandable:

"Testing can reveal the presence of flaws, but not their absence" 

1. testing doesn't reveal absence of known flaw
2. testing doesn't reveal absence of all known flaws
3. testing doesn't reveal absence of unknown flaw
4. testing doesn't reveal absence of all unknown flaws
...

all the best,

W.

ps. no multiple mail please. either list or private, but not both.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault