18 Byte file, $14k bounty

I never felt comfortable using ImageMagick on the desktop. Not under Ubuntu, nor under OS X. Really.

Not because of that, er, brittle graphical user interface that most old open-source command-line software inherits. As if being open source meant being unpleasant.

Just because it was buggy. You had the feeling it was buggy. Vulnerable.

Chris feels the same, and says so technically in his analysis of Yahoobleed: A tricky vulnerability to spot because of the abstraction and also because this is a vulnerability caused by the absence of a necessary line of code, not the presence of a buggy line of code.

The ImageMagick Studio team did great work back in 1999. But these days there are no wizards, in a world of decreasing memory corruption and increasing sandboxing.

A world where *bleed bugs provide a compelling option for easily stealing information from servers.
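The bug class described above (a decoder that lacks one initialization line and so hands back whatever was in memory before) as an added C example, not ImageMagick's code and not part of the original post. The run format, `decode`, `stale_bytes` and the secret string are constructed for illustration, and a static array stands in for a reused heap chunk so the behaviour is deterministic.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define CANVAS 64                      /* pixels in the toy canvas */
static unsigned char arena[CANVAS];    /* stands in for a reused heap chunk */

/* Toy run format (constructed): pairs of (count, value) bytes.
 * Decoding stops when the input ends, even if the canvas is not full. */
static size_t decode(const unsigned char *in, size_t len,
                     unsigned char *canvas, int zero_first)
{
    size_t pos = 0;
    if (zero_first)
        memset(canvas, 0, CANVAS);     /* the "necessary line" */
    for (size_t i = 0; i + 1 < len; i += 2) {
        size_t run = in[i];
        if (run > CANVAS - pos)        /* bounds are checked: no overflow here */
            run = CANVAS - pos;
        memset(canvas + pos, in[i + 1], run);
        pos += run;
    }
    return pos;                        /* pixels the input actually defined */
}

/* Count bytes of an earlier tenant's data that survive into the output. */
static size_t stale_bytes(int zero_first)
{
    static const unsigned char tiny[] = { 4, 0xFF };  /* constructed 2-byte input */
    const char *secret = "session=CONSTRUCTED-SECRET-VALUE";
    size_t n = 0;
    memset(arena, 'A', CANVAS);
    memcpy(arena + 16, secret, strlen(secret));       /* earlier request's data */
    size_t defined = decode(tiny, sizeof tiny, arena, zero_first);
    for (size_t i = defined; i < CANVAS; i++)
        if (arena[i] != 0) n++;
    return n;
}

int main(void)
{
    printf("without init: %zu stale bytes returned\n", stale_bytes(0));
    printf("with init:    %zu stale bytes returned\n", stale_bytes(1));
    return 0;
}
```

Every line in the decoder is individually correct and bounds-checked, which is why review and fuzzing for crashes tend to miss this class; comparing output bytes against the set of bytes the input actually defined is what catches it.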

As that Nobel Prize winner once sang, the times are changing. Goodbye, then, to the ol' black magick. And it matters to me because, in those long-gone days, before using c I was a fellow client of the Yahoo email service.

And even in those prehistoric days, I never felt comfortable using ImageMagick.

ImageMagick was posted to Usenet's comp.archives group on August 1st, 1990.

Dig deeper into Yahoobleed here, here and there.

Via Jake Williams