(scalewithlee.substack.com)

601 points scalewithlee | 1 comments | 25 Apr 25 13:48 UTC | HN request time: 0s | source

Show context

Y_Y ◴[25 Apr 25 14:13 UTC] No.43793778[source]▶

Does it block `/etc//hosts` or `/etc/./hosts`? This is a ridiculous kind of whack-a-mole that's doomed to failure. The people who wrote these should realize that hackers are smarter and more determined than they are and you should only rely on proven security, like not executing untrusted input.

replies(6): >>43793862 #>>43793868 #>>43793954 #>>43794072 #>>43794473 #>>43802345 #

eli ◴[25 Apr 25 14:28 UTC] No.43793954[source]▶

>>43793778 #

Is a security solution worthless if it can't stop a dedicated attacker? A lot of WAF rules are blocking probes from off-the-shelf vulnerability scanners.

replies(4): >>43794116 #>>43794355 #>>43795518 #>>43796747 #

1. da_chicken ◴[25 Apr 25 14:43 UTC] No.43794116[source]▶

>>43793954 #

"It's technically better than nothing," is kind of a bizarre metric.

It's like not allowing the filesystem to use the word "virus" in a file name. Yes, it technically protects against some viruses, but it's really not very difficult to avoid while being a significant problem to a fair number of users with a legitimate use case.

It's not that it's useless. It's that it's stupid.

↑

Writing "/etc/hosts" breaks the Substack editor