1. 15
  2. 5

    The page makes fun of companies using vulnerabilities to advertise themselves. But this is actually a real vulnerability (though I don’t know how exploitable it is in practice), and the page actually does advertise the company that found the vulnerability, many times. So their parody rings false to me.

    It feels less like they are trying to actually make a point about the publicizing of vulnerabilities, and more like they are trying to get away with publicizing themselves as much as possible. They are saying “isn’t that practice stupid?” while doing it anyway, in earnest.

    1. 4

      But it’s funny.

    2. 4

      We’ve reached peak vulnerability PR.

      1. 2

        “A global passive adversary like the NSA can spoof a reply to this DNS request” — no, the thing that makes a passive adversary passive is that they don’t transmit any packets, spoofed or otherwise. I mean, yes, if they’re global, they have the information to spoof a reply. But if they actually do so, they become an active adversary, which is capable of more powerful attacks, but is also at risk of detection.

        That said, upgrade your MySQL libs.