http://www.perlmonks.org?node_id=1061935


in reply to Re^4: Patch an old Perl version
in thread Patch an old Perl version

I do not believe it is responsible to reveal the attack key set at this time.

If you attack a URL on my machine, I'm the only one who could see the key set. You're accusing me of being a risk.


With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

Re^6: Patch an old Perl version
by Discipulus (Canon) on Nov 11, 2013 at 09:02 UTC
    Very interesting. As already admitted, the technical points of this discussion are, by far, too deep for me to reach. But..
    In my serendipitous Perl experience I always thought Perl did not have to be patched: maybe upgraded, but it was not something like a browser (a new minor release every 20 requests...).

    Now I read about an obscure bug in the HASH implementation: uh, I'm interested! I use old CGIs, my programs use many complex data structures, and I like hashes a lot (quite often I end up with stuff like: ${ $first{second}{third} }->[23] ).
    OK. A good guy spotted the bug and released a patch. Normally I download it, read some instructions, and apply it. It seems this is not the case. Better a full upgrade, to be sure.

    BrowserUK: I read many of your posts carefully and I trust you as many other monks here. I learned that your posts, many times, seem like porcupines in a morbid wool thread: but this appearance is not due to a polemic spirit but to a critical one. You think with your brain, and before you accept some explication you need to be convinced yourself and prove it. This is the right approach of a scientist, and many times your dissentient affirmations put me on a safer way.

    That said, on the other side, in the learning process, is fundamental to trust the 'master' or the 'teacher' or the 'book' (as you prefer). I'm happy that demerphq and other people had not shouted on the net about the feasibility of a hash or rehash attack: I don't want a plethora of bots to be in queue in front of my 80 doors.. I prefer the vulnerability be known when my son will use Perl 6.8.

    Thanks to all for the interesting discussion.

    L*
    There are no rules, there are no thumbs..
    Reinvent the wheel, then learn The Wheel; may be one day you reinvent one of THE WHEELS.
      in the learning process, is fundamental to trust the 'master' or the 'teacher' or the 'book'

      I'm not learning here, I'm challenging. See the last two lines of my sig.


      With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.

        Learning would be reading all the publicly printed material on this attack and then using it to generate an attack key set on your own. That is what most clever people would do when someone told them "yes this is possible".

        But you seem to be so stuck on your belief it can't exist that you haven't even tried. That isn't learning, nor is it challenging, it is just sad.

        ---
        $world=~s/war/peace/g