Slashcode Vulnerability Has Stayed Silent? - Slashdot

Catch up on stories from the past week (and beyond) at the Slashdot story archive

×

Journal FortKnox's Journal: Slashcode Vulnerability Has Stayed Silent? 6

Journal by FortKnox on Wednesday July 03, 2002 @09:23AM

Looks like the slashcode vulnerability which I discussed in this journal entry, which points out jamie's response seems to not be important enough for the front page of slashdot, or any story on slashdot at all.

So MS exploits and other open source exploits can be pointed out (and mocked, for MS), but we'll keep our trap shut for our own bugs??

I'll be sure to point out this journal entry the next time Slashdot decides to bash MS, you can be sure of it.

Before you freak about the jamie link, slashdot seems to be swallowing the "&cid", here's the link printed out:
http://slashdot.org/comments.pl?sid=35258&cid=3807153

This discussion has been archived. No new comments can be posted.

Slashcode Vulnerability Has Stayed Silent?

Load All Comments

Search 6 Comments Log In/Create an Account

Comments Filter:

jamie spoke on bugtraq (Score:1)

by jeffy124 ( 453342 ) writes:

Jamie made a post to bugtraq responding to the one made earlier yesterday. http://archives.neohapsis.com/archives/bugtraq/200 2-07/0013.html [neohapsis.com]

It seems the bug was not in the current slash release, only the release under development. Which raises the question, why is slashdot running the most recent development release, not the current release? Are we users their testers? Do they depend on the large number of trolls here to exploit those holes so they can weed them out?

Also, most slashdot editors know the deal with reporting holes. I dont think I've seen them criticize someone for quietly going to the vendor first (Microsoft or otherwise), but I have seen them criticize those who flat out go public right away. It's mostly the others (regular users & Michael) who make fun of MS every chance they get, no matter how much notice MS had or didnt have.

Also - thinking about that html href trouble -- I wonder if by having the ampersand, the filter chokes. The fix they just made was for an exploit that depended on an ampersand within a html tag. hmmm......
Slashcode.com... (Score:1)

by bofkentucky ( 555107 ) writes:

Ran a story about it, perhaps slashdot's personal codebase was not vulnerable, and therefore did not warrant mention here. Taco has mentioned several times that /. is running a modifided slashcode that is tweaked and optimized for VA's tastes
- Re:Slashcode.com... (Score:1)
  
  by FortKnox ( 169099 ) writes:
  
  Slashdot's personal codebase is the reason the bug was found. Trolls were exploiting it. Read my previous journal. Some comments explain what happened.
amps in links (Score:2)

by TechnoLust ( 528463 ) writes:

I have this problem with Netscape 6, but with none of the other browsers I've used. (Opera, IE5.5sp2, NS 4.7) I tried it like this: ...pl?sid=XXXXXX&cid=YYYYY and it worked fine. it translated the & to an & when I submitted.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Scientists will study your brain to learn more about your distant cousin, Man.