
Insecurity Forevar! [was: Mu [prior to that: How worse is the Shellshock bash bug than Heartbleed?]]



On Sun, Oct 12, 2014 at 05:35:15PM -0700, coderman wrote:
> On 10/5/14, Georgi Guninski <[email protected]> wrote:
> > ...
> > ok, i won't argue :)
> 
> 
> one last beating of this dead horse:
> 
> "The recommended practice of blowing away the environment before
> calling a shell goes back to Garfinkel & Spafford's 1991 seminal

lol, look at the warez almost all people are using.
if you follow all such advice you'd better not power it on.

note to myself:  stay away from forks of this thread...


> Practical Unix Security (or at least the 1996 2nd ed., Practical Unix
> & Internet Security). It's in there TWICE it is so basic."
>  - https://docstrange.livejournal.com/95142.html
> 
> also relevant,
> "Dear clueless assholes: stop bashing bash and GNU... You people are
> pieces of shit. I am disgusted..."
>  - https://weev.livejournal.com/409835.html
> 
> "These bugs that happen, these mistakes in software that lead to
> vulnerabilities, they aren't one-off problems. They're systemic. There
> are patterns to them and patterns to how people take advantage of
> them. But it isn't in any one particular company's interest to dump a
> pile of their own resources into fixing even one of the problems, much
> less dump a pile of resources into an engineering effort to fight the
> pattern... They've got even less incentive to fix entire classes of
> vulnerabilities across the board. Same goes for everybody else in the
> game... it's worse than a tragedy of the commons, it's a race to the
> bottom."
>  - https://medium.com/message/how-i-explained-heartbleed-to-my-therapist-4c1dbcbe1099