this post was submitted on 08 Sep 2025
16 points (86.4% liked)

Hacker News

theterrasque 12 points 4 weeks ago (1 children)

uh.. So that's it, the Apache server version? That's all? I looked at the critical CVEs for that version, and honestly, they'd require a pretty specific setup to be abused if I understood them correctly. Most of them were various DoS with no information disclosure, and the only spooky one I saw requires the server to have scripts the server is allowed to execute, but outside of the normal URL mapping. Which then would have to be disclosing some info or doing something spooky. The rest seem to require the attacker to control the app behind the apache2 server.

Would be better to upgrade, of course, but it looks nowhere near as bad as the blog author makes it sound.

unexposedhazard@discuss.tchncs.de 5 points 4 weeks ago* (last edited 4 weeks ago)

The actual vulnerability doesn't matter, it's the way the guy handled it and keeps handling everything. He is just not mentally and technically equipped to run a project like this. He is completely out of his depth.

The only thing he should be doing is publishing his source code and handing the project over to people that know how to deal with things like this. But he just really wants to play the hero instead of actually making sure that people can effectively avoid ICE.