Ben Bucksch wrote:
> Anders B Jansson wrote:
>> I'd say that it's a design decition, not sure that it's a design
>> flaw.
>> It's all down to what you try to protect.
>> ... connecting any device not 100% controlled by the company to a
>> company network is strictly forbidden, doing so would be reg
> Sometimes, the track record is only good because nobody looked into it.
>
Nice quote...
-KF
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com
Anders B Jansson wrote:
> I'd say that it's a design decition, not sure that it's a design flaw.
> It's all down to what you try to protect.
> ... connecting any device not 100% controlled by the company to a company
> network is strictly forbidden, doing so would be regarded as intended
> sabota
Before I begin to trash.
I do not reject any of the findings, most I'll argue that it's a matter of
perspective.
Ben Bucksch wrote:
> = Abstract =
>
> The Perforce client has a huge gapping security hole by design. It
> totally trusts the Perforce server and does whatever the server tells
> it
= Abstract =
The Perforce client has a huge gapping security hole by design. It
totally trusts the Perforce server and does whatever the server tells
it, writing arbitrary files.
= Disclaimer =
This is so terribly obvious that I'd be surprised that this is news, but
I couldn't find anything.