16 years of CVE-2008-0166 - Debian OpenSSL Bug

boredsquirrel@slrpnk.net to Linux@lemmy.ml – 88 points –
16 years of CVE-2008-0166 - Debian OpenSSL Bug
16years.secvuln.info
7

You are viewing a single comment

You know it’s serious when you’ve set up a whole new subdomain for this one big!

Thats how they supposedly do this haha

I suppose they have a very minimal webserver, hardened to the max and for sure not using docker

Oh I know it’s minimal effort to spin one up, especially for a static page. It’s just funny that that’s how this goes now.

Its not, web dev is all about running 4 different Operating systems in containers, with huge dependency chains and slow loading javascript crap

As a web developer, I’d say I feel insulted by such a wild accusation, but then I’d be lying. 😅

Plus downloading all your malicious software through unauth'd channels like npm, pip, cargo, docker hub, or github

...it doesn't, you put static files on a CDN. Nobody in their right mind serves them from custom-made webservers (anymore). Those are intended exclusively for dynamic code (APIs for business logic, authentication, user actions, search etc.)