Brutkey

Elias Mårtenson
@loke@functional.cafe

Lisp, Emacs, APL and a bunch of other stuff.

From Sweden, living in Singapore.

I always work on a bunch of projects. My current major ones are:

A graphical frontend to Maxima:
https://github.com/lokedhs/maxima-client

Kap: An APL-based programming language:
https://codeberg.org/loke/array

#lisp #commonlisp #apl #retrocomputing #linux #kap #climaxima #emacs #atari #fedi22


Notes: 25229
Following: 0
Followers: 0
Matrix: @loke@functional.cafe:dhsdevelopments.com
Retro computers: C64, Atari ST
Blog: https://blog.dhsdevelopments.com

Elias Mårtenson
@loke@functional.cafe

I notice people posting about trying to get a job, so here's hoping that an appropriate candidate reads this.

My employer is looking for someone with devops skills (Linux, databases, networking and development) who's willing to work in Singapore.

The job involves supporting customers (mostly banks) running financial software.

Let me know if you want to know more.

Not sure what hashtag to use for this, so feel free to boost.

Elias Mårtenson
@loke@functional.cafe

How do we justify the existence of CVEs and CVE scoring when CVE-2017-9735 gets a 7.5 (HIGH)?

I would love it if someone could explain to me why I'm wrong, because things like this take attention away from real security issues.

This issue is caused by password verification using String.equals instead of a constant-time comparison function.

In the worst-case scenario, this can allow timing attacks to find the password, which sounds bad.

Except that the particular class where this happens is the password obfuscator that is used to obfuscate system passwords in the configuration files. It's used by the commandline tools that manage the server.

If you're in a situation where the only thing that stands between the attacker and a compromise of security on the system is this password, then something has gone really wrong already.

How is this a 7.5? Either I completely misunderstood the circumstances, or this is just someone overestimating the severity to enhance their own credibility?

#infosec
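As an added illustration of the mechanism the post describes (example code, not from Jetty or the original author): a Python model of an early-exit comparison in the style of String.equals beside a comparison that does the same amount of work regardless of where the mismatch is. The second return value counts characters visited, standing in for elapsed time; the secret is a constructed sample. The practical fix is the library primitive (hmac.compare_digest here; MessageDigest.isEqual in Java).

```python
import hmac

# Constructed sample secret for the demonstration only, not from any real system.
SECRET = "s3cret-passw0rd"


def naive_equals(candidate: str, secret: str) -> tuple[bool, int]:
    """Early-exit comparison, the shape of String.equals.

    Returns (equal, chars_compared). chars_compared models the work done,
    which is what a timing side channel observes: it grows with the length
    of the matching prefix, so the response time depends on the secret.
    """
    if len(candidate) != len(secret):
        return False, 0
    compared = 0
    for x, y in zip(candidate, secret):
        compared += 1
        if x != y:
            return False, compared  # bails out at the first wrong character
    return True, compared


def constant_time_equals(candidate: str, secret: str) -> tuple[bool, int]:
    """Comparison without early exit: every byte is visited even after a mismatch.

    Only the length is compared up front (length is not usually secret);
    the content comparison accumulates differences with XOR/OR.
    """
    a, b = candidate.encode(), secret.encode()
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def check_password_safely(candidate: str) -> bool:
    """The remediation as it would appear in real code: use the library primitive."""
    return hmac.compare_digest(candidate.encode(), SECRET.encode())


def work_profile(compare, guesses: list[str]) -> list[int]:
    """Work done per guess; flat for the safe comparison, prefix-dependent for the naive one."""
    return [compare(g, SECRET)[1] for g in guesses]
```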