#curl and its website feature no trackers, no cookies, no ads, no website analytics, no telemetry, no logs. We truly don't know you and what you do with curl - unless you tell us in our annual survey.

bagder@mastodon.social
Posts
-
CycloneDX cancels their bug-bounty program blaming AI slop:
"This caused a lot of extra work which is why we decided to abandon the program. Thanks AI."
-
"thank you for your existence" - I do get lovely emails as well in my #inbox
-
If you can trick a user to run a command tool in a way that ends up causing the user problems, that is not a security problem in that tool.
The latest incarnation of this is someone saying that curl can be used to download a ".curlrc" into your $HOME and then curl might do bad things in subsequent invokes.
The first step is "just" to trick a user to run a curl command line doing the bad.
... if you can trick a user into running an arbitrary command, you can of course do so much more harm than just this.
-
If you can trick a user to run a command tool in a way that ends up causing the user problems, that is not a security problem in that tool.
Just saying. In case you're thinking of submitting such a report about a command line tool in your toolbox.
But surely no sane person would. Right? Right?