Julf
2016-05-02 19:06:26 UTC
Even the audiophile music sharing site What.CD seems to have succumbed
to the "truthiness trumps engineering sense" malaise.
'The Register: Audiophile torrent site What.CD fully pwnable thanks to
wrecked RNG'
(http://www.theregister.co.uk/2016/05/02/what_cd_security_flaw/)
"They are using mt_rand straight into its password reset which is a
textbook example of how not to use it," the researcher told The Register
at the WAHckon security conference in Perth, Saturday.
"I reported it a year ago, and they acknowledged it but said don't
worry about it."
"To try to judge the real from the false will always be hard. In this
fast-growing art of 'high fidelity' the quackery will bear a solid gilt
edge that will fool many people" - Paul W Klipsch, 1953
------------------------------------------------------------------------
Julf's Profile: http://forums.slimdevices.com/member.php?userid=42050
View this thread: http://forums.slimdevices.com/showthread.php?t=105544
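
The pattern the quoted researcher describes, next to a safer one, as an added example that is not part of the original post and is not What.CD's code. The function names and the in-memory `$store` array (standing in for a database table) are hypothetical.

```php
<?php
// Added illustration only. weak_reset_token() shows the general mistake of
// feeding mt_rand() into a reset token; it is not taken from any real site.

// Weak: mt_rand() is a Mersenne Twister, a non-cryptographic PRNG. Its output
// becomes predictable once the seed or internal state is inferred, so the
// token can be guessed by someone who never receives the reset e-mail.
function weak_reset_token(): string
{
    return sprintf('%08x', mt_rand());
}

// Hardened: random_bytes() (PHP 7+) draws from the operating system CSPRNG.
function issue_reset_token(array &$store, int $userId, int $ttl = 900): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits, sent to the user
    $store[$userId] = [
        'hash'    => hash('sha256', $token),     // store only the hash
        'expires' => time() + $ttl,              // short lifetime
    ];
    return $token;
}

function redeem_reset_token(array &$store, int $userId, string $token): bool
{
    $row = $store[$userId] ?? null;
    unset($store[$userId]);                      // one attempt per issued token
    if ($row === null || time() > $row['expires']) {
        return false;
    }
    // hash_equals() compares in constant time.
    return hash_equals($row['hash'], hash('sha256', $token));
}

// Constructed usage: the second call replays an already-consumed token.
$store = [];
$token = issue_reset_token($store, 42);
var_dump(redeem_reset_token($store, 42, $token));
var_dump(redeem_reset_token($store, 42, $token));
```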