that bug was so egregious, it demonstrates a rare level of incompetence
I wish so much this was true, but it super isn’t. Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all… and, well, there was the Crowdstrike thing…
Idk, this was kind of a rare combination of “write secure function; proceed to ignore secure function and rawdog strings instead” + “it can be exploited by entering a string with a semicolon”. Neither of those are anything near as egregious as a use after free or buffer overflow. I get programming is hard but like, yikes. It should have been caught on both ends
Welp never buying anything D-Link ever again
Because they won’t support routers that were EOL a decade ago?
Companies should be forced to release all source code for products that are “EOL”. I will never change my mind on this.
Because that bug was so egregious, it demonstrates a rare level of incompetence.
I wish so much this was true, but it super isn’t. Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all… and, well, there was the Crowdstrike thing…
Idk, this was kind of a rare combination of “write secure function; proceed to ignore secure function and rawdog strings instead” + “it can be exploited by entering a string with a semicolon”. Neither of those are anything near as egregious as a use after free or buffer overflow. I get programming is hard but like, yikes. It should have been caught on both ends
May 1st 2024 was a decade ago? (The article has a list and only two are old as you mention, though not quite a decade yet)