BG is infected

  • Feba
    replied
    Re: BG is infected

    I'm not sure how to deal with that kind of statement, but I'll try my best:

    I'm rubber and you're glue!


    Would someone who is used to dealing with a complete and total lack of logic please help me out here? Some of you are parents, right?



  • Raydeus
    replied
    Re: BG is infected

    I'm right, Feba's wrong. The usual really.



  • Taskmage
    replied
    Re: BG is infected

    Originally posted by Raydeus View Post
    We were just killing some time on a friendly match? <_<
    Originally posted by Murphie View Post
    Which is unlike those other debates that totally go somewhere how?
    /shrug So long as we know where we stand ..



  • Feba
    replied
    Re: BG is infected

    Well, yes. But that's just because Kailea had no idea what he was talking about in the first place.



  • Mhurron
    replied
    Re: BG is infected

    Well, um, you know, um, there was that one time, wasn't there?



  • Feba
    replied
    Re: BG is infected

    It's not fictional?



  • Murphie
    replied
    Re: BG is infected

    Originally posted by Taskmage View Post
    This debate isn't really going anywhere, is it?
    Which is unlike those other debates that totally go somewhere how?



  • Mhurron
    replied
    Re: BG is infected

    Originally posted by Lunaryn View Post
    Looks from a brief examining that there's some room for argument over whether this is a vuln in PHP or in several PHP apps, but I have a good place to start now as far as addressing the matter. (And I'd lean toward faulting PHP, if only because they try to make things safe-ish elsewhere; PHP_SELF strikes me as something that really should be guaranteed safe)
    It doesn't seem to be a direct fault in PHP, as far as you usually think of a fault in a piece of software, so much as a combination of poor programming (i.e. not validating inputs) and/or the fact that PHP docs and general accepted PHP programming encourage bad practices by either glossing over security concerns or simply ignoring them by presenting very insecure programming methods as examples of the right way to do PHP.

    PHP is often a self-taught language, and many of the PHP books are just as bad as the official PHP docs. This has led to an army of PHP sites that are vulnerable to god knows what by the way they were written, not necessarily because extension X has a buffer overflow.

    The best example of this is actually phpBB, which is the poster child for PHP apps being ripped apart because of poor programming. Unfortunately phpBB has become so popular on its own and as a basis for many other PHP based boards that even PHP programmers that do (or should) know about these issues are also being bitten by these problems.

    Leave a comment:
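
An added example, not written by any poster in this thread, of the `PHP_SELF` pattern discussed above: the value includes whatever path the client appends after the script name, so echoing it into a form action without output encoding lets the request break out of the attribute. The function names and the request values are constructed for illustration.

```php
<?php
// Added illustration; $server below is a constructed stand-in for $_SERVER.

// Pattern common in older tutorials: PHP_SELF is echoed verbatim.
// PHP_SELF carries any PATH_INFO the client appended, so it is user input.
function form_unencoded(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Output-encode for the HTML attribute context. ENT_QUOTES matters here:
// without it a single quote would still end a single-quoted attribute.
function form_encoded(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Prefer SCRIPT_NAME, which in a typical Apache/mod_php setup does not
// include PATH_INFO, and encode it anyway.
function form_script_name(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// True when the rendered tag still contains markup from the request path.
function attribute_broken(string $html): bool
{
    return strpos($html, '<b>') !== false;
}

// Constructed request: /post.php/"><b>injected
$server = [
    'SCRIPT_NAME' => '/post.php',
    'PHP_SELF'    => '/post.php/"><b>injected',
];

foreach (['form_unencoded', 'form_encoded', 'form_script_name'] as $render) {
    $html = $render($server);
    printf("%-17s broken=%s  %s\n", $render,
           attribute_broken($html) ? 'yes' : 'no', $html);
}
```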


  • Feba
    replied
    Re: BG is infected

    Originally posted by Raydeus View Post
    but the decision to steal the car is all the thieves'
    And the decision to allow it to be stolen was with the person who left their keys in the ignition.



  • Raydeus
    replied
    Re: BG is infected

    Gah, this will be my last reply on the subject, I already replied to that. Let's just agree to disagree or something politically correct like that.

    Originally posted by Me
    There is a huge difference between not taking "enough" steps to prevent a crime and being at fault for it happening to you.
    It would've been stupid for someone to do that, but the decision to steal the car is all the thieves', if it's easier or not for them to do it is irrelevant for the purpose of this discussion.


    Edit >
    Originally posted by Taskmage View Post
    This debate isn't really going anywhere, is it?
    We were just killing some time on a friendly match? <_<



  • Taskmage
    replied
    Re: BG is infected

    This debate isn't really going anywhere, is it?



  • Feba
    replied
    Re: BG is infected

    Originally posted by Raydeus View Post
    And it still isn't the user's fault if someone decides to exploit a vulnerability (patched or not) in their system,
    "Or not"? Perhaps. It depends on if it requires some other incredibly stupid security flaw to have worked.

    If it is patched though? It is most certainly the user's fault.



    Let's say you loan a friend your car. He leaves it parked in a shady neighborhood, unlocked, and with the keys in the ignition. Do you say "no man, it's perfectly logical to leave the car unlocked and easy to use!", or do you get pissed because he did something retarded? Likewise with a person's own property, the decision to leave it open to criminals is retarded.



  • Raydeus
    replied
    Re: BG is infected

    Originally posted by Feba View Post
    So it is.

    If this was a matter of the records being attacked on SE's end using a zero day exploit? You'd be very much correct. In this case, though, it's the user's end, and for software that had been patched for weeks or even months. They have no expectation of security when browsing the web, it's their own fault.
    And it still isn't the user's fault if someone decides to exploit a vulnerability (patched or not) in their system, but there's no point on repeating what I've already posted. XD



  • Lunaryn
    replied
    Re: BG is infected

    Thanks. Looks from a brief examining that there's some room for argument over whether this is a vuln in PHP or in several PHP apps, but I have a good place to start now as far as addressing the matter. (And I'd lean toward faulting PHP, if only because they try to make things safe-ish elsewhere; PHP_SELF strikes me as something that really should be guaranteed safe)



  • Taskmage
    replied
    Re: BG is infected

    Here's what Mhurron told me, Lunaryn:
    Session Start (Taskmage:Mhurron): Fri Jun 13 12:51:16 2008
    [12:51] Mhurron: sup
    [12:51] Taskmage: Hey
    [12:51] Taskmage: Can you make any suggestions as to what we could do to make sure FFXIO doesn't become a host for that iframe?
    [12:52] Mhurron: the iframe is injected into sites by a XSS exploit found via google, at least that's how it's been done in the past 6 months
    [12:53] Mhurron: often the first way to prevent it is to make sure that the backend software that is serving up a webboard doesn't have XSS exploits
    [12:54] Mhurron: if the web server is running Apache, and you can add apache modules, there is mod_security that is also supposed to help prevent common XSS methods
    [12:56] Mhurron: i don't know how invasive mod_security is though
    [12:58] Mhurron: there is also a PHP security module, if I can remember the name of the thing, but it can cause problems as it is somewhat invasive and strict in what it allows
    [12:58] Mhurron: both would require offline testing before it could be implemented
    [13:00] Taskmage: Ok, thanks. I'll do some research and make recommendations to PiNG.
    [13:00] Taskmage: I'm surprised how rampant this thing is getting. Want to make sure ..
    [13:00] Mhurron: it's not that surprising
    [13:00] Mhurron: the way sites are found is by combing google results
    [13:01] Mhurron: there's actually very little work beyond initial setup for the attackers
    [13:10] Mhurron: the PHP security extension is called suhosin (Suhosin 0.9.21 - XSS Protection - PHP Security Blog)
    Session Close (Mhurron): Fri Jun 13 14:20:41 2008

