Re: Re: Re: Does fatalsToBrowser give too much information to a cracker?
by Juerd (Abbot) on Apr 10, 2002 at 14:06 UTC
Then you really don't even need an exception handler, do you? *Smiles*
Well, I do. Errors are often caused by external problems, like exceeded disk quotas, connection errors, etc. Or null bytes inserted in my source with terrible hard disk crashes.
until Kevin Mitnick abused it.
And exactly how did he abuse TCP/IP? The same way criminals abuse roads to get away? Or are you one of the many people who just blame this Mitnick guy for everything that is a crack?
I bet the developers of ICMP error messaging never thought it would be used to recon systems.
It's not the protocol that lets people abuse, it's the implementation. That's because it's very simple to make mistakes in lower-level languages (hence Perl's huge number of bugs :)
I have to assume that the person on the other side of my system is smarter than me, more clever than me, and would like to compromise my security.
Even if he is and would, how could error messages help crack a well written Perl program?