Slashdot Mirror
Firm To Release Database, Web Server 0-Days
krebsonsecurity writes "January promises to be a busy month for Web server and database administrators alike: A security research firm in Russia says it plans to release information about a slew of previously undocumented vulnerabilities in several widely-used commercial software products, including MySQL, Tivoli, IBM DB2, Sun Directory, and a host of others, writes krebsonsecurity.com. From the blog: 'After working with the vendors long enough, we've come to conclusion that, to put it simply, it is a waste of time. Now, we do not contact with vendors and do not support so-called "responsible disclosure" policy,' Legerov said."
Perhaps the firm is issuing a malicious DROP DATABASE T-SQL command, escaping through some unsanitized web query...
Or is the English language dying a painful death on /. as time passes. The past day's article summaries and headlines are a blend between Yoda backing off the chronic and the broken English that some toy assembly manuals convey.
Seriously, it took me three passes at reading this article headline to understand what the hell it meant. Maybe that's part of the entertainment value that I'm missing???
We're lucky Slashdot properly escapes its SQL input. Aa headline like "Firm to 'DROP DATABASE `web_server`" might otherwise result in havoc. :P
So let me get this straight. Slashdot validates their SQL input. But they don't validate their HTML conformance?
This guy should rename his name to Bobby Tables at the same time. Imagine the number of newspapers that would try to do a press release, but couldn't.
PS: wikipedia was complaint, its should applauded for its effort.
What have I done to deserve this pain?
I can't figure out if you came up against Muphry's Law there, or if Slashdot's parsing decided to do it for you...
(1)DOCOMEFROM!2~.2'~#1WHILE:1<-"'?.1$.2'~'"':1/.1$.2'~#0"$#65535'"$"'"'&.1$.2'~'#0$#65535'"$#0'~#32767$#1"