Re: [Full-disclosure] Bigger burger roll needed
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Bigger burger roll needed
- From: security curmudgeon <jericho@xxxxxxxxxxxxx>
- Date: Tue, 4 Oct 2005 22:45:37 -0400 (EDT)
: You know, I wouldn't mind it IF the conversation was properly
: [re]directed in context. In fact it often leads to many fascinating
: discussions. But other times it feels like some people that are
: contributing are schizophrenic.
Seems like the people that didn't catch that "leap" don't quite grok the
security industry at all.
: Why if someone doesn't like or agree with a particular answer or topic
: it's OK to respond with something completely different without any
: qualification is really bizarre - especially from a technical community.
Microsoft / Windows / BSODs
no, wrong / 3rd Parties / BSODs
This led to a comment of "blame the 3rd party for providing malformed
input, not microsoft/windows!"
At this point, two of us reply "blame hackers for malformed input",
referring to the numerous input manipulation vulnerabilities (XSS, SQL
Injection, Format String, Overflow, et al), as it is a fairly direct
comparison to those who blame hackers for shoddy programming. By the logic
of that quote, we should blame hackers for *vulnerabilities* in code, not
just exploiting them. To lay blame on the person providing malformed input
is silly, be it a hacker or 3rd party device driver author. It all boils
down to coding that can't handle unexpected input, which is a utopian
attitude in a world that is anything but.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/