undefined | Better HN

0 pointsDylan168079y ago0 comments

>A major security issue with probably the most popular automated image processing toolkit in existence came to light just the other day.

Because of all the weird formats it supports. That's why I said jpg/png, not 'images'. Any software that supports 200 formats probably has severe bugs on the rare ones. Doesn't matter for making a secure image server where you can dictate the format.

>In any case, the relative rarity isn't really the point. Either it's ethically and/or legally correct to assign blame for malicious advertising to the final host site that the user actually visits, or it isn't. That's the principle we're really debating, and the rest is just a degree of risk.

Whether they are being negligent is relevant. Allowing known-risky formats that keep failing over and over is negligent.

0 comments

Silhouette9y ago

Allowing known-risky formats that keep failing over and over is negligent.

But if you look at this from the opposite direction, you're essentially arguing that we should only use technologies that are known, or at least reasonably expected, to be extremely safe.

Given that in general humanity hasn't yet figured out how to create such technologies, and that numerous formats we use every day on the web to great overall benefit would not qualify, that seems a tall order.

Dylan16807OP9y ago

> But if you look at this from the opposite direction, you're essentially arguing that we should only use technologies that are known, or at least reasonably expected, to be extremely safe.

No I'm not. Go ahead and use a new technology. But don't use a proven-bad technology.

If you tried a reasonable amount and don't know about security holes, that's one thing. If someone shows you the security holes, and you don't fix them, that is where you're a bad actor.

Silhouette9y ago

Go ahead and use a new technology. But don't use a proven-bad technology.

But the "proven bad" technology you're talking about here is just incorporating any third party content in your site. Obviously that is a security risk if the third party isn't perfect about policing what they host.

On the other hand, billions of resources are served in that way every day, and the web is a much better place for it. Only a tiny fraction of those third party resources are hostile, and most of the ones that are will be closed down rapidly by the third party service themselves once discovered.

So is this really in "proven bad", "known-risky" territory, or are we actually talking about "very rare" dangers and a lot of hyperbole here?

1 more reply

MichaelBurge9y ago

You can use a theorem prover like Coq to generate software that proves an image parser correct.

Silhouette9y ago

Existence proof of a 100% safe image parser built using a formal theorem prover, please.

Dylan16807OP9y ago

For an image parser all you really need is to use a language without buffer overflows.

1 more reply

j / k navigate · click thread line to collapse

0 pointsDylan168079y ago0 comments

>A major security issue with probably the most popular automated image processing toolkit in existence came to light just the other day.

Whether they are being negligent is relevant. Allowing known-risky formats that keep failing over and over is negligent.

0 comments

Silhouette9y ago

Allowing known-risky formats that keep failing over and over is negligent.

But if you look at this from the opposite direction, you're essentially arguing that we should only use technologies that are known, or at least reasonably expected, to be extremely safe.

Dylan16807OP9y ago

> But if you look at this from the opposite direction, you're essentially arguing that we should only use technologies that are known, or at least reasonably expected, to be extremely safe.

No I'm not. Go ahead and use a new technology. But don't use a proven-bad technology.

If you tried a reasonable amount and don't know about security holes, that's one thing. If someone shows you the security holes, and you don't fix them, that is where you're a bad actor.

Silhouette9y ago

Go ahead and use a new technology. But don't use a proven-bad technology.

So is this really in "proven bad", "known-risky" territory, or are we actually talking about "very rare" dangers and a lot of hyperbole here?

1 more reply

MichaelBurge9y ago

You can use a theorem prover like Coq to generate software that proves an image parser correct.

Silhouette9y ago

Existence proof of a 100% safe image parser built using a formal theorem prover, please.

Dylan16807OP9y ago

For an image parser all you really need is to use a language without buffer overflows.

1 more reply

j / k navigate · click thread line to collapse