On 26/06/2014 17:03, Andre Klapper wrote:
I have seen several 'bug reports' in Mozilla Bugzilla by 'security
researchers' about source code of projects being exposed on Mozilla's
servers. Clearly a security breach. What does "FOSS" stand for?
So it boils down to "how to keep clueless people out", to be rough.
Eons ago, we had a couple of security experts who paid us a visit to the
then very young #mediawiki.
They were willing to help us by auditing the code security and already
found a pretty nasty bug that could be a vector of attacks for other
It was possible to inject in an uploaded image any arbitrary code such
site and point a victim at it.
Damn. Wikipedia, a few years old, has been a serious threat to the
internet. We were shocked and took the matter very "seriously".
Then it was either Brion or Tim that showed up and wrote something like:
page by pressing .
Two security experts promptly disappeared.
Antoine "hashar" Musso