this post was submitted on 20 Nov 2024
623 points (98.7% liked)

Technology

59517 readers
3154 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
623
D-Link refuses to patch yet another security flaw, suggests users just buy new routers — D-Link told users to replace NAS last week (www.tomshardware.com)
submitted 1 day ago by Xatolos@reddthat.com to c/technology@lemmy.world
115 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Dran_Arcana@lemmy.world 25 points 1 day ago (1 children)

Because that bug was so egregious, it demonstrates a rare level of incompetence.

[–] NaibofTabr@infosec.pub 19 points 1 day ago (2 children)

that bug was so egregious, it demonstrates a rare level of incompetence

I wish so much this was true, but it super isn't. Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all... and, well, there was the Crowdstrike thing...

[–] BigDanishGuy@sh.itjust.works 3 points 15 hours ago

Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all

At the super budget prices Cisco charges, do you really expect quality control to be included? You've got to buy a quality control subscription for that. /s

[–] Dran_Arcana@lemmy.world 17 points 23 hours ago* (last edited 23 hours ago)

Idk, this was kind of a rare combination of "write secure function; proceed to ignore secure function and rawdog strings instead" + "it can be exploited by entering a string with a semicolon". Neither of those are anything near as egregious as a use after free or buffer overflow. I get programming is hard but like, yikes. It should have been caught on both ends