To whoever hacked into my Database

Chris Angelico rosuav at gmail.com
Sat Nov 9 17:20:09 EST 2013


On Sun, Nov 10, 2013 at 2:32 AM, Antoon Pardon
<antoon.pardon at rece.vub.ac.be> wrote:
>> And I had until I made some new changes last night, which I think I have corrected now as we speak.
>
> Continuing the arrogance.

Just to put that in perspective, by the way: *EVERYONE* writes
vulnerable code. Even Python itself has been found to have had
significant exploits (hash randomization had to get backported a long
way). There's nothing wrong with fixing security bugs; there's not
even a lot wrong with the iterative process of "find bug, fix bug,
find another bug, fix another bug". There are two major problems with
what you did here, Nikos, and they are:

1) Starting with a hopelessly insecure system and then trying to
band-aid patch it one vulnerability at a time, which is folly; and

2) Boasting that your system was now secure.

The main issue is the boasting, which is utterly unwarranted
arrogance. All you have to do is look at how, after boasting
previously, you were provably vulnerable - which means that you
clearly still had problems while you were boasting. A more humble
attitude of "Oops, well, that's fixed now" without saying "Ha ha, now
try to break THAT, I'm oh so perfect now" would suit you far better,
based on your history.

ChrisA


