Vulnerabilities aren't vulnerabilities!
-
Ok, so I know I'm TRWTF for getting in an internet fight. But I saw someone saying something WRONG ON THE INTERNET!
Somehow I got on this zd.net article, and I saw this post:
There is a reason for most of the servers on the net runs Linux.
BTW: Do you know of a security violated by the "Shellshock", and why bother about "heartbleed" - it only hurts on Window clients.
Of course I took the bait, responded,
Not sure what that second statement is about - Shellshock and Heartbleed were definitely security threats (unless memory disclosure and arbitrary shell access are OK to you...) and definitely affected much more than Windows clients... Unless you're perfectly fine with your password/anything else you send or receive over an SSL connection getting leaked...
I don't really agree with jwspicer's comments either - you can do both fast updates and non-buggy updates - they're not mutually exclusive... Delaying major security updates is definitely not the best way to do things, but Linux isn't bulletproof. That's why sysadmins have to stay on top of things.
and got this,
leaving a system in "debug mode" is a thing that sane people should not do. Well and then disclose the memory of the processes owning the socket is not big deal - no security threat unless you can access other parts of the system.
So on a Linux and Unix/MacOS nothing was leaked - but on Windows, you can "peek" into the entire thing. The "Shellshock" is slander, incompetence. If you read the specification of Unix, it states that the TRUE part of the expression shall be evaluated until it is found wrong - also when empty. The problem is that "journalists" and "unskilled labour" believed that the security of the system was compromised. In Linux/Unix - including MacOS, the security is in every object - and a surprise way of evaluating TRUE did not change the system security - nobody was given "root" access, nobody could access parts of the system that were restricted. The original Bourne shell evaluates blank to be TRUE - as a non-empty string.
If you made a password sniffer, that kept usernames and passwords in the application, and a port open to connect to, those passwords and usernames would be exposed. If everybody lined up and peed in the river, it would be a warm flood further down - sort of predictable.
then this
Well, "Apache" is the server, that runs the HTML client - two separate address spaces. Inaccessible in Linux / MacOS - so the password and userid are safe on the server. Hit Facebook with "HeartBleed", and get your 40K from the FB HTML parser. Do it again, and get the next - until there is no more address space for the page. But bear in mind that your log-in ID has been sent on to the server a long time ago, and has granted you access - unless it is less than 40K ago, should be safe. But then, you know your login-id and password - right. You cannot reach another instance of the HTML parser - unless the silly sodd runs Windows.
Shellshock is no bug but a disagreement. What you do not understand is that everything on Linux and MacOS has a security token - and the shell does not change this. This is not like Windows where security is enforced by a "security manager". Remove "/bin/ls" - and you cannot run the command "ls". But really no need to remove or delete, just restrict its availability to everyone - and then only the users that have been granted access to the file /bin/ls - for execute will be able to execute "ls". Well on a cold system you can "see" the security tokens and once "root" privileges you can read the file. But the "Shell Shock"s only surprise is that you will get a smack on your fingers - and now it can write a message. The file system may be encrypted (ext4) - and a foreign "root" cannot decipher it without getting the password right.
Evidently, heartbleed and shellshock were fake and only affect Windows clients.
Full conversation here: http://zd.net/1stOmJJ
I feel like my IQ dropped by a few points just talking to this guy.
TL;DR: Don't argue with people on the internet, it's bad for you
-
TL;DR: Don't argue with people on the internet, it's bad for you
yeah... @accalia learned that not a few weeks ago...
do not argue with the angry men. smile, nod, and leave without saying anything. it's for the best. (because Murder 1 means you no get Internet anymore)
-
I think it would be mercy killing not murder....
I'm not even sure what the logic was here:
Well, "Apache" is the server, that runs the HTML client - two separate address spaces. Inaccessible in Linux / MacOS - so the password and userid are safe on the server. Hit Facebook with "HeartBleed", and get your 40K from the FB HTML parser. Do it again, and get the next - until there is no more address space for the page. But bear in mind that your log-in ID has been sent on to the server a long time ago, and has granted you access - unless it is less than 40K ago, should be safe. But then, you know your login-id and password - right. You cannot reach another instance of the HTML parser - unless the silly sodd runs Windows.
I... It... What? Client is irrelevant to this!? I.... need a $beverage
-
do not argue with the angry men. smile, nod, and leave without saying anything. it's for the best. (because Murder 1 means you no get Internet anymore)
All I'm gonna say is that you can probably get satellite internet in a cabin in Montana.
-
All I'm gonna say is that you can probably get satellite internet in a cabin in Montana.
and deal with winter in Montanna? FRACK THAT!
I think it would be mercy killing not murder....
i would agree with that. not so sure about the DA
-
and deal with winter in Montanna? FRACK THAT!
I thought that was more in the Dakotas these days?
-
i would agree with that. not so sure about the DA
mmmh, true. Could I hack his heartbleed-shellshock vulnerable computer and use it for... nefarious purposes? :P That's legal right?
-
-
-
NOTA BENE: i do NOT endorse such an action.
I would like to hear all the details of what happens should you, against my explicit recommendation, perform such an action.
-
NOTA BENE: i do NOT endorse such an action.
I would like to hear all the details of what happens should you, against my explicit recommendation, perform such an action.
Haha.
I would, but too lazy. Much easier to discuss it on a forum dedicated to concentrated stupidity...
-
I like how the guy assumes that Windows doesn't have ACLs, that privilege escalation is impossible, that vulnerabilities are exclusive to userland, and then rattles off a low-level summary of Unix functionality as if he were a man page.
-
and deal with winter in Montanna? FRACK THAT!
Says the person who lives in Maine. (My credentials for this snark: two winters in far-upstate New York, and one in Green Bay, not to mention a bunch in the Berkshires of Massachusetts.)
-
And that's why I stopped that discussion. He has no idea what he's talking about. Or he's just copy-pasting terms from random man pages. Or both. Probably both.
-
/cliche:
Never argue with an idiot. They'll drag you down to their level and then beat you with experience.
-
Says the person who lives in Maine. (My credentials for this snark: two winters in far-upstate New York, and one in Green Bay, not to mention a bunch in the Berkshires of Massachusetts.)
Nop. not taking the troll bait. ;-)
-
you can probably get satellite internet in a cabin in Montana
-
It looks like you're arguing with a Markov chain bot.
-
With nasal demons.
-
It looks like you're arguing with a Markov chain bot.
That would be my first guess as well, but the sentences make sense from a grammatical point of view. It's either a really good bot or a really stupid human...
-
https://www.youtube.com/watch?v=aKShnpOXqn0
https://www.youtube.com/watch?v=rE5dW3BTpn4
just in case anyone hasn't heard a good explanation of shellshock and heartbleed yet....
-
It's either a really good bot or a really stupid human...
Perhaps both.
-
It looks like you're arguing with a Markov chain bot.
[clippy.jpg]
Would you like some help?
-
.... Blakey....?!
like.... OUR BLAKEY?!
:shock:
:fainted:
-
-
How does a paper with one name on it get away with using "we"?
-
-
I'm not sure if you're saying an unattributed ghost contributed or if you have multiple-personality disorder.
-
Right click image -> Search on Google
-
Coincidentally, this is one of the images that the search returns:
-
Right click image -> Search on Google
Ha! Well played. I didn't even realize that's what that was, and I managed to muddle through almost three paragraphs.
-
Markov chain papers...
What will they think of next? Markov gain politicians?
Oh... Wait.. US congress......
-
Where is Montanna?
-
Hannah
-
...on the Savannah?
-
-
The way I see it, arguing with idiots is a spiritual exercise for many people. For me it is an exercise in exposing them, and laying bare their accountability for their stupidity, unless they publicly realise they're wrong, like y'know, grownups.
I don't have the expertise for an understanding of heartbleed, but I recall a likening to a keyhole. You can't necessarily get in, but you can see through it. If true, I still say it's a vulnerability.
-
Well, a computer is something everyone has now, so every idiot thinks that they need to have an opinion about it. But this is not new, the same happens with cars and butt-holes. There's a Spanish saying:
Las opiniones son como los culos, todos tienen uno.
Which kind of translates to: asses and opinions, everyone has one.
-
Developing Congestion Control and Internet QoS with Nom
Nom!
http://cdn.cutestpaw.com/wp-content/uploads/2012/01/Om-nom-nom...-I-luv-da-corn-l.jpg
-
Are you saying that this linux can run on a computer without windows underneath it, at all ? As in, without a boot disk, without any drivers, and without any services ?
That sounds preposterous to me.
If it were true (and I doubt it), then companies would be selling computers without a windows. This clearly is not happening, so there must be some error in your calculations. I hope you realise that windows is more than just Office ? It's a whole system that runs the computer from start to finish, and that is a very difficult thing to achieve. A lot of people don't realise this.
Microsoft just spent $9 billion and many years to create Vista, so it does not sound reasonable that some new alternative could just snap into existence overnight like that. It would take billions of dollars and a massive effort to achieve. IBM tried, and spent a huge amount of money developing OS/2 but could never keep up with Windows. Apple tried to create their own system for years, but finally gave up recently and moved to Intel and Microsoft.
It's just not possible that a freeware like the Linux could be extended to the point where it runs the entire computer from start to finish, without using some of the more critical parts of windows. Not possible.
I think you need to re-examine your assumptions.
-
I... MY GOGGLES!!!
-
I've seen this before, but can't remember where
-
I found it on this weird forum. The original source is long dead, sadly.
-
If it were true (and I doubt it), then companies would be selling computers without a windows. This clearly is not happening, so there must be some error in your calculations. I hope you realise that windows is more than just Office ? It's a whole system that runs the computer from start to finish, and that is a very difficult thing to achieve. A lot of people don't realise this.
2007 called - it wants its idiocy back...
I've seen this before, but can't remember where
ZDNet. Or one of the hundreds of places that C&P'd it before that original link died.
-
Dude, trolls/idiots have copyrights too.
At least link to the source. Which ZDNet seems to have deleted so... whatever I guess.
Point is, don't just steal people's text without at least mentioning you're taking it from somewhere else, you ass.
-
The way I see it, arguing with idiots is a ~~spiritual exercise~~ useless pastime for many people.
FTFY
Never argue with a fool, onlookers may not be able to tell the difference.
Never argue with an idiot. They will only bring you down to their level and beat you with experience.
-
Apple tried to create their own system for years, but finally gave up recently and moved to Intel and Microsoft.
That's my favorite part of the whole thing.
-
There's a Spanish saying:
Las opiniones son como los culos, todos tienen uno.
Which kind of translates to: asses and opinions, everyone has one.
The American version goes:
Opinions are like butt holes: everyone has one, and they all stink.
-
/cliche:
Never argue with an idiot. They'll drag you down to their level and then beat you with experience.
There are only 2 ways of properly handling an idiot:
- Shoot them;
- Walk away.
Both are recommended. ;-)
Anything else eventually leads to the cliche above.
INB4: CBA to get the accent on the e in cliche.
-
There are only 2 ways of properly handling an idiot:
- Shoot them
- Walk away.
It is advised that the order of those options be reversed. Only resort to shooting when walking away is not effective.
CBA to get the accent on the e in cliche.
é
= é