Board indexTopical DiscussionComputers, Math, Science, and Technology

Cybersecurity

Page 1 of 2 [ 21 posts ]  Go to page 1, 2  Next

Previous topic | Next topic

eric76
Veteran
Veteran

User avatar

Joined: 31 Aug 2012
Gender: Male
Posts: 10,660
Location: In the heart of the dust bowl

30 Oct 2017, 2:42 pm

Ichinin wrote:
eric76 wrote:
Ichinin wrote:
Forgot, as to what programming language.

C is dead. Gone. Skip if unless you want to write code for dishwashers or do low level stuff and produce insecure code which C is known for.


There is nothing insecure about C. Sure, there is plenty of code written in C that in not secure, but that's because there is so much code written in C.

The security of the software does not depend on whether or not it is written in C.


Unless you know how to write secure code in C and why you shouldn't not use it, please do not make claims about it.


Rather pretentious, aren't you?

And very, very wrong.



Ichinin
Veteran
Veteran

User avatar

Joined: 3 Apr 2009
Gender: Male
Posts: 3,653
Location: A cold place with lots of blondes.

30 Oct 2017, 3:23 pm

eric76 wrote:
Ichinin wrote:
eric76 wrote:
Ichinin wrote:
Forgot, as to what programming language.

C is dead. Gone. Skip if unless you want to write code for dishwashers or do low level stuff and produce insecure code which C is known for.


There is nothing insecure about C. Sure, there is plenty of code written in C that in not secure, but that's because there is so much code written in C.

The security of the software does not depend on whether or not it is written in C.


Unless you know how to write secure code in C and why you shouldn't not use it, please do not make claims about it.


Rather pretentious, aren't you?

And very, very wrong.


No, i'm an actual SECURITY PROFESSIONAL, apparently the only one in this thread. Go hide in the programming thread where you sprouted your ill informed opinion about your ancient buffer overflow producing language.


_________________
"It is far better to grasp the Universe as it really is than to persist in delusion, however satisfying and reassuring" (Carl Sagan)


eric76
Veteran
Veteran

User avatar

Joined: 31 Aug 2012
Gender: Male
Posts: 10,660
Location: In the heart of the dust bowl

30 Oct 2017, 3:59 pm

Ichinin wrote:
eric76 wrote:
Ichinin wrote:
eric76 wrote:
Ichinin wrote:
Forgot, as to what programming language.

C is dead. Gone. Skip if unless you want to write code for dishwashers or do low level stuff and produce insecure code which C is known for.


There is nothing insecure about C. Sure, there is plenty of code written in C that in not secure, but that's because there is so much code written in C.

The security of the software does not depend on whether or not it is written in C.


Unless you know how to write secure code in C and why you shouldn't not use it, please do not make claims about it.


Rather pretentious, aren't you?

And very, very wrong.


No, i'm an actual SECURITY PROFESSIONAL, apparently the only one in this thread. Go hide in the programming thread where you sprouted your ill informed opinion about your ancient buffer overflow producing language.


The buffer overflows are the result of poor programming practices, not the language. The most you could say is that C doesn't protect you from your own bad practices. That does not make it inherently insecure.

Besides, buffer overflows aren't that difficult to avoid.

And, for what it's worth, I've seen "security professionals" who were too incompetent to set up a firewall.

Want to know what the real security issues are? People who don't know anything about security thinking that they do. We end up with very broken protocols and very broken implementations. If you want a really good example of this, WPA for wireless "security" is one.



Ichinin
Veteran
Veteran

User avatar

Joined: 3 Apr 2009
Gender: Male
Posts: 3,653
Location: A cold place with lots of blondes.

31 Oct 2017, 5:31 am

Here is a procedure list before talking about security:
1. Do your home work.
2. Open your mouth.

This is the general consensus of people who have programming experience and work in security:
https://twitter.com/ryanhuber/status/877623129903738880


_________________
"It is far better to grasp the Universe as it really is than to persist in delusion, however satisfying and reassuring" (Carl Sagan)


Ichinin
Veteran
Veteran

User avatar

Joined: 3 Apr 2009
Gender: Male
Posts: 3,653
Location: A cold place with lots of blondes.

31 Oct 2017, 6:10 am

https://www.tripwire.com/state-of-security/vulnerability-management/compiler-undermining-secure-coding/

https://www.us-cert.gov/bsi/articles/knowledge/coding-practices/compiler-checks

http://www.cs.kuleuven.be/publicaties/rapporten/cw/CW386.pdf

https://nebelwelt.net/publications/files/15LangSec.pdf

"Boohoo, someone is pointing out security vulnerabilities in my language, and i defend it because i dont know how to write code in any other language, because my programming knowledge refuse to move beyond 1972."

Image


_________________
"It is far better to grasp the Universe as it really is than to persist in delusion, however satisfying and reassuring" (Carl Sagan)


eric76
Veteran
Veteran

User avatar

Joined: 31 Aug 2012
Gender: Male
Posts: 10,660
Location: In the heart of the dust bowl

31 Oct 2017, 3:10 pm

Ichinin wrote:
personal attack removed


Why don't you grow up and learn to debate a subject instead of resorting to personal attacks?

By turning it into a personal attack, the points you were trying to make will now be ignored.