quote:
Originally posted by Huhu_Manix
Cookie > He said it's for him and his friends, a secure is useless...but add a little if which verify the origin of the message is not deprecate...
But I think you're making too much for a little thing, the script'll not be used by the gouvernment ^^
I'm not making too much of a little thing.
I know security and/or privacy is not high in your books, but it is in mine as I know at first hand what it means or can do.
And if you look at all the people who got their account stolen, you'll see that the majority of accounts has been stolen by "friends" or by them not knowing how to secure things or thinking it wouldn't come that far.
Even accidents are quick to happen. eg: a friend of phuzz trying the /run command on a critical file, for fun, "just for testing"...
Or what if some malicious person see this thread, sends phuzz a nice PM asking for his msn addy? I don't need to draw the picture I think....
Security is never useless at all. Moreover, in my post I didn't talked about high-end massive cryptography technology, I talked about some simple 1-line basic tests which could prevent all that...
Also, by the code you showed in public many people may try it. People who do not know what the consequences might be...
And to whom do you think those people come to ask for assitance or help? They come back to this forum. And as such we need to "clean up the mess" which such scripts has caused...
Again, I'm not making too much of a little thing. I'm thinking ahead of things which might happen and don't post stuff for the heck of it (or post things which can be easly abused by people).
My first post was a warning to your script snippet and also showed that what he was searching for already existed. Btw, the snippet might have been posted by anybody for that matter but as it didn't contained at least a warning or some basic safety measurements should have been posted with that) I posted what I needed to post.