Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Journal FortKnox's Journal: Slashcode Vulnerability Has Stayed Silent? 6

Looks like the slashcode vulnerability which I discussed in this journal entry, which points out jamie's response seems to not be important enough for the front page of slashdot, or any story on slashdot at all.

So MS exploits and other open source exploits can be pointed out (and mocked, for MS), but we'll keep our trap shut for our own bugs??

I'll be sure to point out this journal entry the next time Slashdot decides to bash MS, you can be sure of it.

Before you freak about the jamie link, slashdot seems to be swallowing the "&cid", here's the link printed out:
This discussion has been archived. No new comments can be posted.

Slashcode Vulnerability Has Stayed Silent?

Comments Filter:
  • Jamie made a post to bugtraq responding to the one made earlier yesterday. 2-07/0013.html []

    It seems the bug was not in the current slash release, only the release under development. Which raises the question, why is slashdot running the most recent development release, not the current release? Are we users their testers? Do they depend on the large number of trolls here to exploit those holes so they can weed them out?

    Also, most slashdot editors know the deal with reporting holes. I dont think I've seen them criticize someone for quietly going to the vendor first (Microsoft or otherwise), but I have seen them criticize those who flat out go public right away. It's mostly the others (regular users & Michael) who make fun of MS every chance they get, no matter how much notice MS had or didnt have.

    Also - thinking about that html href trouble -- I wonder if by having the ampersand, the filter chokes. The fix they just made was for an exploit that depended on an ampersand within a html tag. hmmm......
  • Ran a story about it, perhaps slashdot's personal codebase was not vulnerable, and therefore did not warrant mention here. Taco has mentioned several times that /. is running a modifided slashcode that is tweaked and optimized for VA's tastes
  • I have this problem with Netscape 6, but with none of the other browsers I've used. (Opera, IE5.5sp2, NS 4.7) I tried it like this: and it worked fine. it translated the & to an & when I submitted.

Those who can, do; those who can't, write. Those who can't write work for the Bell Labs Record.