Forgot your password?

Comment: Re:Still waiting... (Score 1) 326

by cryptizard (#48019175) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found
You can't sanitize anything, the web server sets the environment variables (based on the HTTP request) before your script can even run. Just invoking the shell causes the arbitrary code it execute. So maybe it is a problem with CGI or the Apache server, but that is how the standard was written and they are not doing anything "wrong".

Comment: Re:Ars Technica speculates? (Score 3, Informative) 208

by cryptizard (#48008585) Attached to: Apple Yet To Push Patch For "Shellshock" Bug
What are you talking about? It is completely factual and a valid point. Apple currently bundles 3.2.51, which is licensed under GPLv2. The patched version of bash is the new 4.3.25, which is licensed using GPLv3. Including it would change the license they are using, which I imagine takes some consideration.

Comment: Re: So everything is protected by a 4 digit passco (Score 1) 504

by cryptizard (#47953087) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police
If by that you mean "all of us" because that is the case right now. The fact that you got +5 insightful is real proof that people around here are not as good at math as they think they are.

64-bit keys are considered pretty weak, but not trivial to break, so lets assume that you have a computer so fast you can break one of those keys every second, i.e. it does 2^64 key checks per second. Don't worry about the fact that it would take a computer a million times faster than the fastest super computer in existence now to do that, we're just estimating. Now, even with that ridiculously awesome super computer, it would still take you 10 times the lifetime of the universe to break a 128-bit key. So unless there is some theoretical break on the cipher, 128 bits is secure for a very, very long time to come.

Comment: Re:Slashdot comments indicative of the problem (Score 1) 1262

And no one is saying you can't acknowledge that. But it has been done to death. It is not a defense for the rapist. People for whom their first reaction to hearing a rape accusation is, "well, she shouldn't have been drinking that much/in that situation/wearing that" are a part of the problem. When they feel like they have to say that every time there is a discussion about rape, when everyone already knows, they are a bigger part of the problem. Of course you shouldn't go to a black neighborhood and pick a fight, but when you do and the police come afterwards, they are going to believe you and investigate the crime. Many times women don't even get that.

One small step for man, one giant stumble for mankind.