Re: [Full-disclosure] Bigger burger roll needed
From: security curmudgeon (jericho_at_attrition.org)
Date: Tue, 4 Oct 2005 22:45:37 -0400 (EDT)
To: firstname.lastname@example.org
: You know, I wouldn't mind it IF the conversation was properly
: [re]directed in context. In fact it often leads to many fascinating
: discussions. But other times it feels like some people that are
: contributing are schizophrenic.
Seems like the people that didn't catch that "leap" don't quite grok the
security industry at all.
: Why if someone doesn't like or agree with a particular answer or topic
: it's OK to respond with something completely different without any
: qualification is really bizarre - especially from a technical community.
Microsoft / Windows / BSODs
no, wrong / 3rd Parties / BSODs
This led to a comment of "blame the 3rd party for providing malformed
input, not microsoft/windows!"
At this point, two of us reply "blame hackers for malformed input",
referring to the numerous input manipulation vulnerabilities (XSS, SQL
Injection, Format String, Overflow, et al), as it is a fairly direct
comparison to those who blame hackers for shoddy programming. By the logic
of that quote, we should blame hackers for *vulnerabilities* in code, not
just exploiting them. To lay blame on the person providing malformed input
is silly, be it a hacker or 3rd party device driver author. It all boils
down to coding that can't handle unexpected input, which is a utopian
attitude in a world that is anything but.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/