Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: adobe.com important subdomain SQL injection again!

From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Thu, 23 Dec 2010 14:32:22 +0100 (CET)
On Mon, 20 Dec 2010, Marsh Ray wrote:


OK, so if sandboxing works, then why not just let devs build x86/x64 
code in the first place? In the same category as Native Client or ActiveX.


And get rid of the only good feature (or perhaps one of the few good
features)  of Flash (its ability to present the same content on various
OSes and CPU architectures)?


Remember chapter 1 of the textbook when it said "The first rule of 
security is never try to retrofit security, _ever_!!" and underlined it 
three times?


I guess there must be a complementary rule in chapter 1 of software 
project management textbooks reading "Do not ever take security into 
consideration when the system is being developed. Security is supposed to 
be an afterthought (and additional expense for the customer)! Always!"
In bright red blinking (*) 48pt letters. :(

(*) An amazing feat in a printed book but the wonders of modern technology
will make it possible soon.

-- 
Pavel Kankovsky aka Peak                          / Jeremiah 9:21        \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: