It is the opposite. Security people focus on curl and sudo because they are code bases that contained a lot of features and unused code from the 1990s.

They don't focus on projects where they find nothing. They certainly don't advertise when they find nothing.

Getting a lot of scrutiny is not the recommendation that it appears to be. What is the new standard? Projects that never have bugs are deemed to be suspect because they "have not been scrutinized" (they have, but null results never go public)?

So Mythos only finding one issue after other tools have found 300 this year is embarrassing. Mythos was supposed to be better and novel.

It is definitely not the case that curl has been or is now a marquee vulnerability research target. It's a CLI HTTP fetcher. It's the same with sudo. It's a big deal if a sudo vulnerability gets found, because it's an extremely load-bearing piece of software, but sudo is itself not a prime target, because it doesn't do much.

There is no claim that it is a "vulnerability research target". It is a bug finding magnet, and bugs can be found by anything from gcc warnings to AI tools.

No, it didn't attract bluepill exploit research.

The fact that 300 bugs found in a year is not a recommendation as the pro-AI mafia suddenly claims ("because it has been analyzed!") still stands. Maybe the AI-mafia should sell "analyzed by Mythos" labels to impress people who don't write public software or find bugs for that matter.

What’s a “bluepill exploit”?

[flagged]

You are linking to a Wikipedia page in which I am literally cited (I presented a hypervisor malware detection scheme at the Black Hat conference where Joanna Rutkowska presented this; it was a whole thing). I'm telling you that the term makes no sense in this thread. I think you meant to use a different term.

[flagged]

Stop abusing the system with new accounts. You're not cool like that.

What's with the nonstop new accounts...?

[flagged]

Did you... create a new account just to be able to respond to Thomas?

Btw, he's a security researcher. You should be more respectful.

I don't care if they're respectful, but they should try to be less confusing. "Blue Pill" isn't a kind of exploit. I assumed they meant "blue hat".

[flagged]

What am I?