Insecurity Forevar! [was: Mu [prior to that: How worse is the Shellshock bash bug than Heartbleed?]]
coderman
coderman at gmail.com
Sun Oct 12 17:35:15 PDT 2014
On 10/5/14, Georgi Guninski <guninski at guninski.com> wrote:
> ...
> ok, i won't argue :)
one last beating of this dead horse:
"The recommended practice of blowing away the environment before
calling a shell goes back to Garfinkel & Spafford's 1991 seminal
Practical Unix Security (or at least the 1996 2nd ed., Practical Unix
& Internet Security). It's in there TWICE it is so basic."
- https://docstrange.livejournal.com/95142.html
also relevant,
"Dear clueless assholes: stop bashing bash and GNU... You people are
pieces of shit. I am disgusted..."
- https://weev.livejournal.com/409835.html
"These bugs that happen, these mistakes in software that lead to
vulnerabilities, they aren’t one-off problems. They’re systemic. There
are patterns to them and patterns to how people take advantage of
them. But it isn’t in any one particular company’s interest to dump a
pile of their own resources into fixing even one of the problems, much
less dump a pile of resources into an engineering effort to fight the
pattern... They’ve got even less incentive to fix entire classes of
vulnerabilities across the board. Same goes for everybody else in the
game... it’s worse than a tragedy of the commons, it’s a race to the
bottom."
- https://medium.com/message/how-i-explained-heartbleed-to-my-therapist-4c1dbcbe1099
More information about the cypherpunks
mailing list