Re: [Full-disclosure] Bigger burger roll needed

From: security curmudgeon (
Date: 10/05/05

  • Next message: Aditya Deshmukh: "RE: [Full-disclosure] Cyrilic"
    Date: Tue, 4 Oct 2005 22:45:37 -0400 (EDT)

    : You know, I wouldn't mind it IF the conversation was properly
    : [re]directed in context. In fact it often leads to many fascinating
    : discussions. But other times it feels like some people that
    : contributing are schizophrenic.

    Seems like the people that didn't catch that "leap" don't quite grok the
    security industry at all.

    : Why if someone doesn't like or agree with a particular answer or topic
    : its OK to respond with something completely different without any
    : qualification is really bizarre - especially from a technical community.

    Microsoft / Windows / BSODs

    no, wrong / 3rd Parties / BSODs

    This lead to a comment of "blame the 3rd party for providing malformed
    input, not microsoft/windows!"

    At this point, two of us reply "blame hackers for malformed input",
    referring to the numerous input manipulation vulnerabilities (XSS, SQL
    Injection, Format String, Overflow, et al), as it is a fairly direct
    comparison to those who blame hackers for shoddy programming. By the logic
    of that quote, we should blame hackers for *vulnerabilities* in code, not
    just exploiting them. To lay blame on the person providing malformed input
    is silly, be it a hacker or 3rd party device driver author. It all boils
    down to coding that can't handle unexpected input, which is a utopian
    attitude in a world that is anything but.

    Full-Disclosure - We believe in it.
    Hosted and sponsored by Secunia -

  • Next message: Aditya Deshmukh: "RE: [Full-disclosure] Cyrilic"