To whoever hacked into my Database

Νίκος Αλεξόπουλος nikos.gr33k at gmail.com
Sun Nov 10 11:32:50 CET 2013


On 10/11/2013 12:20 AM, Chris Angelico wrote:
> On Sun, Nov 10, 2013 at 2:32 AM, Antoon Pardon
> <antoon.pardon at rece.vub.ac.be> wrote:
>>> And I had until I made some new changes last night, which I think I have corrected now as we speak.
>>
>> Continuing the arrogance.
>
> Just to put that in perspective, by the way: *EVERYONE* writes
> vulnerable code. Even Python itself has been found to have had
> significant exploits (hash randomization had to get backported a long
> way). There's nothing wrong with fixing security bugs; there's not
> even a lot wrong with the iterative process of "find bug, fix bug,
> find another bug, fix another bug". There are two major problems with
> what you did here, Nikos, and they are:
>
> 1) Starting with a hopelessly insecure system and then trying to
> band-aid patch it one vulnerability at a time, which is folly; and
>
> 2) Boasting that your system was now secure.
>
> The main issue is the boasting, which is utterly unwarranted
> arrogance. All you have to do is look at how, after boasting
> previously, you were provably vulnerable - which means that you
> clearly still had problems while you were boasting. A more humble
> attitude of "Oops, well, that's fixed now" without saying "Ha ha, now
> try to break THAT, I'm oh so perfect now" would suit you far better,
> based on your history.
>
> ChrisA
>


Ha, ha ha!
I'm safe now!!

No break-ins this time!


