On Wed, May 21, 2014 at 8:21 PM, Reindl Harald <[email protected]>wrote:
> 90 out of 100 security flaws in the past years where from the > category "hy should i bother about this and that, it is unlikely" > Nobody said anything about it being "unlikely". What's being argued is that if your bug requires ad-hoc conditions to be exploited then it's more than likely not a security bug at all - in all the scenarios proposed here, the ad-hoc conditions are the problem, and there would be infinite more ways of "exploiting" them. This way of reporting fake security problems is good for gaining publicity real fast, but not for much else. It's just noise. -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.” _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
