Hacker News new | ask | show | jobs
by hadoukenio 4287 days ago
I don't think it's overblown.

If you run a web server that generates its own CAPTCHA using something like ImageMagick, or call system() to gzip something, you could possibly be vulnerable.

Never underestimate vulnerabilities and the way people can use them, or even combine them, to exploit systems.
1 comments
antocv 4287 days ago
> or call system() to gzip something

Are you serious, who the hell does that!?

Any half-assed language has a zip implementation, use that. Any non-boring language has image-magick binding to that library.

This bug affects complete idiots.

link
seanp2k2 4287 days ago
>This bug affects complete idiots

Consider how many people touch an enterprise system, or even a system at a smaller shop. Consider how many people touch shared hosting servers or even dedicated boxes.

Do /you/ trust all of them, along with all the authors of all the software exposed to the web (or touched by something exposed to the web) on that system?

link
devicenull 4287 days ago
On shared hosting systems, you have to design the system with the assumption that someone is always compromised. So, additional accounts getting compromised should just be business as usual.

Seriously, if you're on shared hosting, it's almost certain that at least one person on the server is compromised/malicious

link