Comments on: False sense of security http://akahele.org/2009/09/false-sense-of-security/ Cautious web criticism Mon, 14 Jun 2010 09:36:44 -0700 http://wordpress.org/?v=2.8.4 hourly 1 By: Prashanth http://akahele.org/2009/09/false-sense-of-security/comment-page-1/#comment-2117 Prashanth Sat, 19 Sep 2009 15:18:52 +0000 http://akahele.org/?p=1125#comment-2117 Give me one bugless software, and I shall give you Web 3.0. Give me one bugless software, and I shall give you Web 3.0.

]]> By: Nihiltres http://akahele.org/2009/09/false-sense-of-security/comment-page-1/#comment-2106 Nihiltres Wed, 16 Sep 2009 02:29:28 +0000 http://akahele.org/?p=1125#comment-2106 @Gregory Kohs: while "All software has bugs" is logically false, the only reason that that's the case is because the version of the statement there is so overgeneral. Perhaps a more strictly accurate way of saying it would be "Software which takes significant open-ended input and configuration and has a reasonable degree of complexity is highly likely to have bugs unforseeable by anyone of human-level intelligence, assuming for simplicity that they understand the programming language(s) at hand." Your Bethlehem program, for example, presumably didn't require input or configuration—making its programming vastly simpler—imperative programs are extremely less complex than their conditional counterparts. Of course, that's beside the point, seeing as the report mentioned doesn't identify any extant vulnerabilities in MediaWiki. Perhaps Judd Bagley should be more worried about, say, <a href="http://www.computerworld.com/s/article/9138007/Microsoft_No_TCP_IP_patches_for_you_XP" rel="nofollow">widely-used operating systems</a>. :) @Gregory Kohs: while “All software has bugs” is logically false, the only reason that that’s the case is because the version of the statement there is so overgeneral. Perhaps a more strictly accurate way of saying it would be “Software which takes significant open-ended input and configuration and has a reasonable degree of complexity is highly likely to have bugs unforseeable by anyone of human-level intelligence, assuming for simplicity that they understand the programming language(s) at hand.” Your Bethlehem program, for example, presumably didn’t require input or configuration—making its programming vastly simpler—imperative programs are extremely less complex than their conditional counterparts.

Of course, that’s beside the point, seeing as the report mentioned doesn’t identify any extant vulnerabilities in MediaWiki. Perhaps Judd Bagley should be more worried about, say, widely-used operating systems. :)

]]> By: Gregory Kohs http://akahele.org/2009/09/false-sense-of-security/comment-page-1/#comment-2105 Gregory Kohs Wed, 16 Sep 2009 00:15:03 +0000 http://akahele.org/?p=1125#comment-2105 "All software has bugs" is not a true statement. I wrote a pretty mean Basic program on my TI-99/4A computer when I was about 12 years old -- it was a "music video" to "O Little Town of Bethlehem". You should have seen how the Star of David came out at the end and twinkled. Not a single bug in that program. Storage medium for this software? Audio cassette tape. Those were the days. “All software has bugs” is not a true statement. I wrote a pretty mean Basic program on my TI-99/4A computer when I was about 12 years old — it was a “music video” to “O Little Town of Bethlehem”. You should have seen how the Star of David came out at the end and twinkled. Not a single bug in that program. Storage medium for this software? Audio cassette tape. Those were the days.

]]> By: * (Person gave an asterisk as their identity) http://akahele.org/2009/09/false-sense-of-security/comment-page-1/#comment-2104 * (Person gave an asterisk as their identity) Tue, 15 Sep 2009 21:39:10 +0000 http://akahele.org/?p=1125#comment-2104 Last mediawiki versions are not vulnerable. See the versions affected but that "most recent vulnerability". Last version is 1.15.1 (and having the installer accessible is uncommon). Does this mean it's completely safe? Of course not. All software has bugs. A more interesting measure would be the time taken to fix the vulnerabilities, not just the number of bugs which were identified over time. Open Source usually performs better on this side. Last mediawiki versions are not vulnerable. See the versions affected but that “most recent vulnerability”. Last version is 1.15.1 (and having the installer accessible is uncommon).

Does this mean it’s completely safe? Of course not. All software has bugs.

A more interesting measure would be the time taken to fix the vulnerabilities, not just the number of bugs which were identified over time.

Open Source usually performs better on this side.

]]> By: Jon Awbrey http://akahele.org/2009/09/false-sense-of-security/comment-page-1/#comment-2103 Jon Awbrey Tue, 15 Sep 2009 18:15:55 +0000 http://akahele.org/?p=1125#comment-2103 Φui! I can't φunction without a preview button! Ja Ja Φui! I can’t φunction without a preview button!

Ja Ja

]]> By: Jon Awbrey http://akahele.org/2009/09/false-sense-of-security/comment-page-1/#comment-2102 Jon Awbrey Tue, 15 Sep 2009 18:08:28 +0000 http://akahele.org/?p=1125#comment-2102 Your Friendly <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0737" rel="nofollow">Nøøberhøød VD Advisor</a> Says: <b><i>Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism</i></b> There's a lesson in that … Ja Ja http://wikipediareview.com/smilys0b23ax56/default/boing.gif Your Friendly Nøøberhøød VD Advisor Says:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

There’s a lesson in that …

Ja Ja http://wikipediareview.com/smilys0b23ax56/default/boing.gif

]]>