Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Journal FortKnox's Journal: Slashcode Vulnerability Has Stayed Silent? 6

Looks like the slashcode vulnerability which I discussed in this journal entry, which points out jamie's response seems to not be important enough for the front page of slashdot, or any story on slashdot at all.

So MS exploits and other open source exploits can be pointed out (and mocked, for MS), but we'll keep our trap shut for our own bugs??

I'll be sure to point out this journal entry the next time Slashdot decides to bash MS, you can be sure of it.

Before you freak about the jamie link, slashdot seems to be swallowing the "&cid", here's the link printed out:
This discussion has been archived. No new comments can be posted.

Slashcode Vulnerability Has Stayed Silent?

Comments Filter:
  • Jamie made a post to bugtraq responding to the one made earlier yesterday. 2-07/0013.html []

    It seems the bug was not in the current slash release, only the release under development. Which raises the question, why is slashdot running the most recent development release, not the current release? Are we users their testers? Do they depend on the large number of trolls here to exploit those holes so they can weed them out?

    Also, most slashdot editors know the deal with reporting holes. I dont think I've seen them criticize someone for quietly going to the vendor first (Microsoft or otherwise), but I have seen them criticize those who flat out go public right away. It's mostly the others (regular users & Michael) who make fun of MS every chance they get, no matter how much notice MS had or didnt have.

    Also - thinking about that html href trouble -- I wonder if by having the ampersand, the filter chokes. The fix they just made was for an exploit that depended on an ampersand within a html tag. hmmm......
  • Ran a story about it, perhaps slashdot's personal codebase was not vulnerable, and therefore did not warrant mention here. Taco has mentioned several times that /. is running a modifided slashcode that is tweaked and optimized for VA's tastes
  • I have this problem with Netscape 6, but with none of the other browsers I've used. (Opera, IE5.5sp2, NS 4.7) I tried it like this: and it worked fine. it translated the & to an & when I submitted.

"Look! There! Evil!.. pure and simple, total evil from the Eighth Dimension!" -- Buckaroo Banzai