601 points, submitted by scalewithlee

wglb No.43794621
The problem with WAF is discussed in https://users.ece.cmu.edu/~adrian/731-sp04/readings/Ptacek-N....

One of the authors of the paper has said "WAFs are just a speed bump to a determined attacker."

p_ing No.43794640
Locks are a speed bump for a lockpick.

Doors are a speed bump for a car.

Well yeah, sure, doesn't mean I'm going to have an open doorframe or a door without a lock.

wat10000 No.43795769
The difference is that a door tends to be the only thing between you and an attacker. A speedbump is better than nothing.

This isn't like having a lock on your door, this is like having a cheap, easily pickable padlock on your bank vault. If the vault has a proper lock then the padlock serves no purpose, and if it doesn't then you're screwed regardless.

Macha No.43796190
And to extend the metaphor to cover the false positives these systems produce, sometimes the padlock seizes shut if the air temperature is in a certain range, and the team that put it there refuses to take responsibility for the fact that they've locked your customers out of accessing their assets with the valid key.