Slashdot Mirror
OpenSSH Vulnerability Discovered
farker haiku writes "Those of you who haven't heard of the metasploit project, it's an open source product for performing security audits. This time they've managed to find a remote buffer overflow in OpenSSH. Ya'll might want to read the link and then do whatever updating is necessary." It's unfortunate that something like this gets released today since nobody will bother to patch.
My stomach had a couple of buffer overflows last-night. It was sploited by Arthur Guinness, well known for his ingenious bowel movement exploits.
It may take a life time to fix this vulnerability :(
Simon
C'mon, I dare you to send 1025 beers my way!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I don't know...if my buffer was overflowed with 1025 beers, I might not care about the pink....
then again I might not care about much at all at that point
Cheers!
I guess that this will only allow the sending of one kilobeer.
sudo mod me up
This exploit has been found to be connected to a flaw in the Beer.h library. Work to resolve this issue will be resumed shortly after those responsible are sober again.
Random complaining about April Fools. Mentioning that somehow my pathetic Slashbot life is above April Fools. Pretending that this somehow really inconviences me. Random ranting about the quality of Slashdot having degenerated. Not noting that I still seem to be here despite the supposed quality drop. More ranting, possibly about the current article. Protesting the personal problems this story has caused me. Indicating through my lack of a sense of humor that I must be from Finland. More random complaints, followed by a lack of the irony that I am so pathetic to take this joke personally.
----
-Signiture as unamusing as the current slashdot story.
Theo deRaadt kicked out of the OpenBSD project. Finally.
This one actually fooled me. Fifteen LOL's and one in normal English - brilliant.
Using the recently discovered openssh hole, hackers^Wvandales defaced the slashdot.jp page, and changed the new pink color scheme back to the old ugly green theme. Management of slashdot was not available for comment.
--
me spell? me not even now eigo.
Look, it's not funny anymore. No more April Fools jokes! OK!
The really unfunny thing is that this is _so_ obviously an April
Fools joke, that's it's not even remotely funny. At least the "UK
Government shutting down GSM" was a plausible story, but this...
Sheesh!
return 0; }
LINUX DEVELOPERS!! Look what you've done with your software now!!! You've put out the Sun!!!!
OMG lol you almost got me there for a second, i was rushing to patch my box but then i fi-#$!#@$%#@^&%
NO CARRIER
I grew up with kilobytes, megabytes and gigabytes being multiples of 1024. While kilohertz, megahertz, and gigahertz being multiples of 1000. I grew up during the '90s. Normally I would post this as AC, but it's April fools day so I will post it normally (might get an insightful).
sudo mod me up
Obligatory claim to be sick of this type of rant. Nitpicking of missing characteristics tied cleverly into a logical ambush that others visit anyway. Faux disgust at perceived "racist" joke". Redundant yet Insightful reminder that you aren't forced to come here. Lone two-word expletive and/or insult and/or personality criticism whose position and abruptness will surely send parent into depression.
Have they been alerted of this vulnerability, or has it happened already?
but certainly not a +1 funny ;)
I don't read your sig, why do you read mine?
On behalf of the huge number of us who chuckled after the first couple of stories and now want to vomit and find another temporary news site for today...Please, for the love of god, make an option on the front page so you can turn off the April Fools stories and actually get real news. You are a news site, and while it is great to take part in this holiday and have some laughs, there's still plenty of actual news occuring and it pisses a great many of us off that we now have to go to alternate sources to hunt for it. And while Digg has its fair share of 4/1 stories, it also still has real stories, so I will be directing my traffic there for the rest of the day.
I'd be really curious to see some Slashdot traffic numbers comparing March 31st, April 1st and April 2nd. Bet you would see a HUGE dip today right around the time people started to get real tired of the dumb lame posts. What amuses me is that the creative tags people have started giving these lame stories are often more amusing than the stories themselves.
Buy Steampunk Clothing Online!
Thinking about how common it is for an average slashdotter to RTFA, this could actually lead to people blindly jumping into their car and speeding away to "patch those boxxors". Nice one!
I must admit from reading the title my heart missed a beat. Theres's gotta be something real on 1.april, no ?
Doolittle :
Bomb no.20 : To explode of course.
http://slashdot.jp/security/article.pl?sid=06/03/3 1/0518253
Guess what two of the posts say. April fool. No. I don't read Japanese. The only words in English on that website is April fool.
Ooo man the floppy drive is broken. No wait. The computer is just upside down.
No reason to worry - just use iptables:
iptables -I INPUT 1 -mlength --length 0:1024 --protocol beer -j DONTPAY
Theo de Raadt announces he intends to become a monk.
Unfortunately, a megabyte in a file size means 1024*1024 bytes, a megabyte capacity of a hard disk means 1000*1000 bytes, a 1.44 MB floppy has 1024*1000 bytes, and a 1 megabit per second data transfer rate is 1000*1000 bits per second. And of course, there are the usual meanings of kilo-, mega-, and giga- when used with almost all SI units.
You may not like the "mebibyte" and "gibibyte" names, but you've got to admit that the whole thing is a mess and something needs to be done to resolve the confusion.
No joke from Google this year?
There really is no mess. SI just needs to accept the de facto norm that the base and exponent of the multiplier of a prefix depends on the unit it prefixes.
So, for all traditional physical units:
k : base = 10 , exponent = 3, M: base = 10, exponent = 6, etc
For bits and bytes etc:
k: base = 2, exponent = 10, M: base = 2, exponent = 20, etc
Simple. No bibology or kibology or any other sillyness needed.
-Lasse
"k: base = 2, exponent = 10, M: base = 2, exponent = 20, etc
Simple"
It migth be not so simple when even the proponent (aka "you") isn't able to apropiately manage the numbers, don't you think so?
How the heck can you use an "exponent 20" when you are working base2? Remember, within base2, the number 2 is the forbidden one: only ones and zeroes allowed.
Hey, lighten up! It's still not as bad as a drawing of Muhammad, now is it?
-Lasse
APRIL FOOLS!
sic
Whoops! Please allow me to correct the apostrophe misplacement:
3. Theo enjoys the monk's very good beer
-- "At Microsoft, quality is job 1.1" -- PC Magazine, Nov. 1994
Soviet Russia Joke employing content from the above post and YOU.
GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
At least this one got me to click on the link. "Well, if a new exploit was just discovered, they'd tell us, even though it's April Fool's..." I still want to stab Taco with a fork for that stupid AOL-speak shit, though.
Laws do not persuade just because they threaten. --Seneca
May I suggest you change your name though simple transpositioning to stubidoratto? It would be more fitting.
Using your logic, everything is base 10, because whenever the word base is used, noone expects decimal numbers, right?
-Lasse
"Always be ready to speak your mind and a base man will avoid you." (William Blake)
if that's a real SSH hole, they should no better than to release warnings on April 1st.
gigantino.tv - Heavy but weighs nothing.
Request to moderators to lift score of parent.
Read more of this story at Slashdot.Read more of this story at Slashdot.Read more of this story at Slashdot.