[gentoo-user] Re: [OT/rant] Self-replicating programmer stupidity

[Harry Putnam <reader@newsguy.com>]

walt <w41ter@gmail.com> writes:

> I've been reading the monthly security bulletin from sans.org for
> several years.  During that time I've noticed some recurring themes,
> including multiple appearances from Adobe products like Flash.
>
> Another recurring theme is ftp servers (of which there are dozens)
> like this month's report:
>
> Platform: Cross Platform
> Title: Wing FTP Server "ssh public key" Authentication Security Bypass
> Vulnerability
> Description: Wing FTP Server is a secure file server for Windows, Linux,
> Mac, FreeBSD and Solaris. Wing FTP Server is exposed to a security bypass
> issue that affects the SSH authentication mechanism. Versions prior to
> Wing FTP Server 3.8.8 are affected.
> Ref: http://www.securityfocus.com/bid/48335/info
>
> Mind you, this is the first time I've seen Wing mentioned, but over the
> years there have been dozens of other ftp servers cited for other flaws
> in security.
>
> My question:  WTF uses these poorly written ftp servers?  Why do they
> exist?  Who asked for them?  Who wrote the code, and why?
>
> My tentative guess: either evil programmers, or incompetent programmers.
> (I suspect the intersection of the two sets is very small.)
>
> Many years ago when I was still using M$ Windows I wrote my own hex
> editor in Visual Basic.  I can't explain why I chose to do it, other
> than as an exercise to learn Visual Basic.  (I haven't used it since.)
>
> I'm quite certain that my hex editor would flunk even the most basic
> security tests today because I wasn't programming with security in mind.
> (In other words, I was the rankest of amateurs.)
>
> I'm running out of indignation now, and going to bed, but I'd welcome
> other indignant comments :)

Egad, such foolishness.  What's wrong with them...

(How did I do for indignant?  ; ) )