Gentoo Archives: gentoo-user

From: Harry Putnam <reader@×××××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: [OT/rant] Self-replicating programmer stupidity
Date: Fri, 24 Jun 2011 01:13:37
Message-Id: 8762nwavih.fsf@newsguy.com
In Reply to: [gentoo-user] [OT/rant] Self-replicating programmer stupidity by walt
walt <w41ter@×××××.com> writes:

> I've been reading the monthly security bulletin from sans.org for
> several years. During that time I've noticed some recurring themes,
> including multiple appearances from Adobe products like Flash.
>
> Another recurring theme is ftp servers (of which there are dozens)
> like this month's report:
>
> Platform: Cross Platform
> Title: Wing FTP Server "ssh public key" Authentication Security Bypass
> Vulnerability
> Description: Wing FTP Server is a secure file server for Windows, Linux,
> Mac, FreeBSD and Solaris. Wing FTP Server is exposed to a security bypass
> issue that affects the SSH authentication mechanism. Versions prior to
> Wing FTP Server 3.8.8 are affected.
> Ref: http://www.securityfocus.com/bid/48335/info
>
> Mind you, this is the first time I've seen Wing mentioned, but over the
> years there have been dozens of other ftp servers cited for other flaws
> in security.
>
> My question: WTF uses these poorly written ftp servers? Why do they
> exist? Who asked for them? Who wrote the code, and why?
>
> My tentative guess: either evil programmers, or incompetent programmers.
> (I suspect the intersection of the two sets is very small.)
>
> Many years ago when I was still using M$ Windows I wrote my own hex
> editor in Visual Basic. I can't explain why I chose to do it, other
> than as an exercise to learn Visual Basic. (I haven't used it since.)
>
> I'm quite certain that my hex editor would flunk even the most basic
> security tests today because I wasn't programming with security in mind.
> (In other words, I was the rankest of amateurs.)
>
> I'm running out of indignation now, and going to bed, but I'd welcome
> other indignant comments :)

Egad, such foolishness. What's wrong with them...

(How did I do for indignant? ; ) )