Insecurity Forevar! [was: Mu [prior to that: How worse is the Shellshock bash bug than Heartbleed?]]



On 10/5/14, Georgi Guninski <[email protected]> wrote:
> ...
> ok, i won't argue :)


one last beating of this dead horse:

"The recommended practice of blowing away the environment before
calling a shell goes back to Garfinkel & Spafford's 1991 seminal
Practical Unix Security (or at least the 1996 2nd ed., Practical Unix
& Internet Security). It's in there TWICE it is so basic."
 - https://docstrange.livejournal.com/95142.html

also relevant,
"Dear clueless assholes: stop bashing bash and GNU... You people are
pieces of shit. I am disgusted..."
 - https://weev.livejournal.com/409835.html

"These bugs that happen, these mistakes in software that lead to
vulnerabilities, they aren't one-off problems. They're systemic. There
are patterns to them and patterns to how people take advantage of
them. But it isn't in any one particular company's interest to dump a
pile of their own resources into fixing even one of the problems, much
less dump a pile of resources into an engineering effort to fight the
pattern... They've got even less incentive to fix entire classes of
vulnerabilities across the board. Same goes for everybody else in the
game... it's worse than a tragedy of the commons, it's a race to the
bottom."
 - https://medium.com/message/how-i-explained-heartbleed-to-my-therapist-4c1dbcbe1099