Re: What is a security bug?

2005-11-23 Thread Thomas Bushnell BSG
Marc Haber <[EMAIL PROTECTED]> writes: > On Wed, Nov 23, 2005 at 10:53:46PM -0800, Thomas Bushnell BSG wrote: >> Florian Weimer <[EMAIL PROTECTED]> writes: >> > Suppose that the web browser always crashes when confronted with >> > certain input, losing all of its state. With tabbed browsing, >> >

Re: What is a security bug?

2005-11-23 Thread Marc Haber
On Wed, Nov 23, 2005 at 10:53:46PM -0800, Thomas Bushnell BSG wrote: > Florian Weimer <[EMAIL PROTECTED]> writes: > > Suppose that the web browser always crashes when confronted with > > certain input, losing all of its state. With tabbed browsing, > > multiple browser opened by the same process e

Re: What is a security bug?

2005-11-23 Thread Thomas Bushnell BSG
Florian Weimer <[EMAIL PROTECTED]> writes: > Suppose that the web browser always crashes when confronted with > certain input, losing all of its state. With tabbed browsing, > multiple browser opened by the same process etc., this means that > potentially important work is lost. In the case of g

Re: Re: Putty 0.45 vs. SSH Login

2005-11-23 Thread Mouffe.mahy
Bonjour , Je m'appelle charline Mahy et je cherche a joindre monsieur Peter Cordes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: What is a security bug?

2005-11-23 Thread Mark Seaborn
Florian Weimer <[EMAIL PROTECTED]> wrote: > It seems that I have difficulty understanding what constitutes a > security bug in a web browser. > > Suppose that the web browser always crashes when confronted with > certain input, losing all of its state. With tabbed browsing, > multiple browser op

Re: What is a security bug?

2005-11-23 Thread Bernd Eckenfels
In article <[EMAIL PROTECTED]> you wrote: > Well, obviously it is not a _security_ bug, since it has nothing to do > with security. ... > well, that's obviously for me, but maybe someone else has a different > opion about this issue? Your definition and mine of security are not compatible :) (av

hi you doing today

2005-11-23 Thread griffin6468
I realy need to kno How to chang my password for my yahoo messenger it is very important .

Re: What is a security bug?

2005-11-23 Thread Noah Meyerhans
On Wed, Nov 23, 2005 at 12:59:02PM +0100, Florian Weimer wrote: > Availability is typically considered one aspect of security (and > arguably the hardest one to get right in networked applications). I tend to consider it the other way around. Security is a subset of availability. Availability mu

Re: What is a security bug?

2005-11-23 Thread Steve Kemp
On Wed, Nov 23, 2005 at 12:15:35PM +0100, Jasper Filon wrote: > Well, obviously it is not a _security_ bug, since it has nothing to do > with security. However, it is a bug, maybe even a critical one. I filed a couple of bugs on Mozilla relating to DOS attacks, crashing the browser on some bad

RE: What is a security bug?

2005-11-23 Thread Sels, Roger
Jasper, It's pretty much open for debate. The subtlety lies in the "certain input" mentioned by Florian. For the sake of argument, imagine you can create a webpage which when rendered will make the browser crash. You could trick users into surfing to your page, by e.g. spam mailing your URL arou

Re: What is a security bug?

2005-11-23 Thread Florian Weimer
* Jasper Filon: > Well, obviously it is not a _security_ bug, since it has nothing to do > with security. Availability is typically considered one aspect of security (and arguably the hardest one to get right in networked applications). For example, here's a quote from FIPS 199: | Security Obje

Re: What is a security bug?

2005-11-23 Thread Rolf Kutz
* Quoting Jasper Filon ([EMAIL PROTECTED]): > Well, obviously it is not a _security_ bug, since it has nothing to do > with security. However, it is a bug, maybe even a critical one. > As long as the bug does not compromise the security of the system > (enables unauthorised execution of code, acc

RE: What is a security bug?

2005-11-23 Thread Jasper Filon
Well, obviously it is not a _security_ bug, since it has nothing to do with security. However, it is a bug, maybe even a critical one. As long as the bug does not compromise the security of the system (enables unauthorised execution of code, access to memory of other process of manipulating the co

What is a security bug?

2005-11-23 Thread Florian Weimer
It seems that I have difficulty understanding what constitutes a security bug in a web browser. Suppose that the web browser always crashes when confronted with certain input, losing all of its state. With tabbed browsing, multiple browser opened by the same process etc., this means that potentia