I really don't miss VB6

Post by dandymcgee on Mon Mar 07, 2016 4:01 pm

Was browsing StackOverflow to see if the CLR has a decent generic sorted list implementation, and got a good chuckle from this heavily downvoted (yet inarguably creative) proposal:

http://stackoverflow.com/a/196615/770230

Like I said: I really don't miss VB6.
Falco Girgis wrote:It is imperative that I can broadcast my narcissistic commit strings to the Twitter! Tweet Tweet, bitches! :twisted:

Re: I really don't miss VB6

Post by K-Bal on Fri Mar 11, 2016 5:03 am

That is hilarious in a horrible way.

Re: I really don't miss VB6

Post by bbguimaraes on Fri Mar 11, 2016 5:22 am

This reminds me of that software (can't remember which one) that, instead of generating a random number locally, made an HTTP request to some website. And it was worse, because they didn't check for errors, so one day the website went down (or changed the API, or something) and now all clients had the same seed: the error message. I think that was the most shameful vulnerability I've ever heard of. Does anyone remember what it was?

Re: I really don't miss VB6

Post by dandymcgee on Sat Mar 12, 2016 2:17 pm

bbguimaraes wrote:This reminds me of that software (can't remember which one) that, instead of generating a random number locally, made an HTTP request to some website. And it was worse, because they didn't check for errors, so one day the website went down (or changed the API, or something) and now all clients had the same seed: the error message. I think that was the most shameful vulnerability I've ever heard of. Does anyone remember what it was?

Lmao, never heard of that. That's a *gaping* security hole. It's so easy to proxy that request to MITM... Hopefully it wasn't used for anything important.

Re: I really don't miss VB6

Post by bbguimaraes on Mon Mar 14, 2016 6:31 am

dandymcgee wrote:Lmao, never heard of that. That's a *gaping* security hole. It's so easy to proxy that request to MITM... Hopefully it wasn't used for anything important.

Just spent half an hour heavily searching my brain/the internet, here it is. I recommend reading the entire article. When they say "a comedy of programming errors", they really mean it:

The most serious of the flaws is the use of the unencrypted HTTP connections when the app's cryptographic engine contacts random.org to obtain random numbers used to generate private keys for Bitcoin addresses. Since January, random.org has required the use of the more secure HTTPS protocol and has returned a 301 Moved Permanently response when accessed through HTTP. As a result, vulnerable installations of Blockchain for Android generated the private key corresponding to the address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F, regardless of the address specified by the user.

And that's what protected the bitcoin wallets of users.
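
Added example, not part of the original thread or the app's code: a simplified Python model of the failure described in the post above, next to a hardened variant. The `Response` class, the sample bodies and the hash-the-body key derivation are assumptions made for illustration; no network access is used.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Callable, Optional, Set


@dataclass
class Response:
    """Constructed stand-in for an HTTP response (assumption; no network I/O)."""
    status: int
    body: bytes


# Constructed sample responses, not captured traffic.
OK = Response(200, b"00112233445566778899aabbccddeeff" * 2)
MOVED = Response(301, b"<html><title>301 Moved Permanently</title></html>")


def vulnerable_key(resp: Response) -> bytes:
    # Modelled flaw: the status is never checked, so whatever the server
    # sends back (here a redirect page) becomes the only key material.
    return hashlib.sha256(resp.body).digest()


def usable_remote(resp: Optional[Response], want: int = 32) -> bytes:
    # Accept remote bytes only on 200 with exactly `want` hex-encoded bytes.
    if resp is None or resp.status != 200:
        return b""
    try:
        raw = bytes.fromhex(resp.body.decode("ascii"))
    except (UnicodeDecodeError, ValueError):
        return b""
    return raw if len(raw) == want else b""


def hardened_key(resp: Optional[Response] = None) -> bytes:
    # The local CSPRNG is the root of trust. Remote bytes are optional extra
    # input: even a fixed or attacker-chosen value cannot make the result
    # predictable, because it is hashed together with the local secret.
    return hashlib.sha256(secrets.token_bytes(32) + usable_remote(resp)).digest()


def distinct_keys(make_key: Callable[[Response], bytes], resp: Response,
                  clients: int = 5) -> Set[bytes]:
    # Simulate several independent clients that all receive the same response.
    return {make_key(resp) for _ in range(clients)}


if __name__ == "__main__":
    print("vulnerable, 301:", len(distinct_keys(vulnerable_key, MOVED)), "distinct key(s)")
    print("hardened,   301:", len(distinct_keys(hardened_key, MOVED)), "distinct key(s)")
```

With the constructed 301 response, every simulated client using `vulnerable_key` ends up with the same key, while `hardened_key` still gives each client its own.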

Re: I really don't miss VB6

Post by dandymcgee on Mon Mar 14, 2016 7:22 pm

bbguimaraes wrote:
dandymcgee wrote:Lmao, never heard of that. That's a *gaping* security hole. It's so easy to proxy that request to MITM... Hopefully it wasn't used for anything important.

Just spent half an hour heavily searching my brain/the internet, here it is. I recommend reading the entire article. When they say "a comedy of programming errors", they really mean it:

The most serious of the flaws is the use of the unencrypted HTTP connections when the app's cryptographic engine contacts random.org to obtain random numbers used to generate private keys for Bitcoin addresses. Since January, random.org has required the use of the more secure HTTPS protocol and has returned a 301 Moved Permanently response when accessed through HTTP. As a result, vulnerable installations of Blockchain for Android generated the private key corresponding to the address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F, regardless of the address specified by the user.

And that's what protected the bitcoin wallets of users.

Why did I know it was going to be random.org before you even posted this..? Rofl. :nono: