mailing list archives
Re: How T-Mobil's network was compromised
From: Willem Koenings <infsec () gmail com>
Date: Sun, 20 Feb 2005 01:09:29 +0200
On Sat, 19 Feb 2005 10:14:31 -0600, Frank Knobbe <frank () knobbe us> wrote:
On Sat, 2005-02-19 at 16:12 +0200, Willem Koenings wrote:
- user input is correctly sanitized and there is no flaw
- use input is not correctly sanitized and there is a flaw
I've seen cases where user input is correctly sanitized, but there was a
Can you please bring an example?
So above saying is not always completly true. But you can't use
testing to find something you don't know at this exact moment -
Well, that's exactly the point of the quote :)
The original quote isn't uniquely understandable:
"Testing can reveal the presence of flaws, but not their absence"
1. testing doesn't reveal absence of known flaw
2. testing doesn't reveal absence of all known flaws
3. testing doesn't reveal absence of unknown flaw
4. testing doesn't reveal absence of all unknown flaws
all the best,
ps. no multiple mail please. either list or private, but not both.
Full-Disclosure - We believe in it.