Insecurity Forevar! [was: Mu [prior to that: How worse is the Shellshock bash bug than Heartbleed?]]

Georgi Guninski guninski at guninski.com
Mon Oct 13 05:15:58 PDT 2014


On Sun, Oct 12, 2014 at 05:35:15PM -0700, coderman wrote:
> On 10/5/14, Georgi Guninski <guninski at guninski.com> wrote:
> > ...
> > ok, i won't argue :)
> 
> 
> one last beating of this dead horse:
> 
> "The recommended practice of blowing away the environment before
> calling a shell goes back to Garfinkel & Spafford's 1991 seminal

lol, look at the warez almost all people are using.
if you follow all such advices you'd better not power it on.

note to myself:  stay away from forks of this thread...


> Practical Unix Security (or at least the 1996 2nd ed., Practical Unix
> & Internet Security). It's in there TWICE it is so basic."
>  - https://docstrange.livejournal.com/95142.html
> 
> also relevant,
> "Dear clueless assholes: stop bashing bash and GNU... You people are
> pieces of shit. I am disgusted..."
>  - https://weev.livejournal.com/409835.html
> 
> "These bugs that happen, these mistakes in software that lead to
> vulnerabilities, they aren’t one-off problems. They’re systemic. There
> are patterns to them and patterns to how people take advantage of
> them. But it isn’t in any one particular company’s interest to dump a
> pile of their own resources into fixing even one of the problems, much
> less dump a pile of resources into an engineering effort to fight the
> pattern... They’ve got even less incentive to fix entire classes of
> vulnerabilities across the board. Same goes for everybody else in the
> game... it’s worse than a tragedy of the commons, it’s a race to the
> bottom."
>  - https://medium.com/message/how-i-explained-heartbleed-to-my-therapist-4c1dbcbe1099



More information about the cypherpunks mailing list