
This is definitely NOT a vulnerability in curl. I hate it when security people treat everything black and white. There ARE other things to consider.



Such as what? When VERIFYHOST=1, curl has basically turned the security part of SSL/TLS off. That seems like kind of a big deal for an HTTPS/SSL API.


> I hate it when security people treat everything black and white.

That's because experience shows if things are "grey" then someone can almost certainly break in.



