Full Disclosure mailing list archives
Re: adobe.com important subdomain SQL injection again!
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Thu, 23 Dec 2010 14:32:22 +0100 (CET)
On Mon, 20 Dec 2010, Marsh Ray wrote:
OK, so if sandboxing works, then why not just let devs build x86/x64 code in the first place? In the same category as Native Client or ActiveX.
And get rid of the only good feature (or perhaps one of the few good features) of Flash (its ability to present the same content on various OSes and CPU architectures)?
Remember chapter 1 of the textbook when it said "The first rule of security is never try to retrofit security, _ever_!!" and underlined it three times?
I guess there must be a complementary rule in chapter 1 of software project management textbooks reading "Do not ever take security into consideration when the system is being developed. Security is supposed to be an afterthought (and additional expense for the customer)! Always!" In bright red blinking (*) 48pt letters. :( (*) An amazing feat in a printed book but the wonders of modern technology will make it possible soon. -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21st century edition / _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: adobe.com important subdomain SQL injection again!, (continued)
- Re: adobe.com important subdomain SQL injection again! Pavel Kankovsky (Dec 19)
- Re: adobe.com important subdomain SQL injection again! Jeffrey Walton (Dec 19)
- Re: adobe.com important subdomain SQL injection again! Marsh Ray (Dec 19)
- Re: adobe.com important subdomain SQL injection again! Christian Sciberras (Dec 19)
- Re: adobe.com important subdomain SQL injection again! Victor Rigo (Dec 19)
- Re: adobe.com important subdomain SQL injection again! John Jester (Dec 20)
- Re: adobe.com important subdomain SQL injection again! Jeffrey Walton (Dec 23)
- Re: adobe.com important subdomain SQL injection again! Serkan Özkan (Dec 20)
- Re: adobe.com important subdomain SQL injection again! John Jester (Dec 20)
- Re: adobe.com important subdomain SQL injection again! Marsh Ray (Dec 20)
- Re: adobe.com important subdomain SQL injection again! Pavel Kankovsky (Dec 23)
- Re: adobe.com important subdomain SQL injection again! Chris Evans (Dec 21)