I really don't miss VB6

dandymcgee
ES Beta Backer
Posts: 4709
Joined: Tue Apr 29, 2008 3:24 pm
Current Project: https://github.com/dbechrd/RicoTech
Favorite Gaming Platforms: NES, Sega Genesis, PS2, PC
Programming Language of Choice: C
Location: San Francisco

I really don't miss VB6

Post by dandymcgee »

Was browsing StackOverflow to see if the CLR has a decent generic sorted list implementation, and got a good chuckle from this heavily downvoted (yet inarguably creative) proposal:

http://stackoverflow.com/a/196615/770230

Like I said: I really don't miss VB6.
Falco Girgis wrote:It is imperative that I can broadcast my narcissistic commit strings to the Twitter! Tweet Tweet, bitches! :twisted:
K-Bal
ES Beta Backer
Posts: 701
Joined: Sun Mar 15, 2009 3:21 pm
Location: Germany, Aachen

Re: I really don't miss VB6

Post by K-Bal »

That is hilarious in a horrible way.
bbguimaraes
Chaos Rift Junior
Posts: 294
Joined: Wed Apr 11, 2012 4:34 pm
Programming Language of Choice: c++
Location: Brazil

Re: I really don't miss VB6

Post by bbguimaraes »

This reminds me of that software (can't remember which one) that, instead of generating a random number locally, made an HTTP request to some website. And it was worse, because they didn't check for errors, so one day the website went down (or changed the API, or something) and now all clients had the same seed: the error message. I think that was the most shameful vulnerability I've ever heard of. Does anyone remember what it was?

Re: I really don't miss VB6

Post by dandymcgee »

bbguimaraes wrote:This reminds me of that software (can't remember which one) that, instead of generating a random number locally, made an HTTP request to some website. And it was worse, because they didn't check for errors, so one day the website went down (or changed the API, or something) and now all clients had the same seed: the error message. I think that was the most shameful vulnerability I've ever heard of. Does anyone remember what it was?
Lmao, never heard of that. That's a *gaping* security hole. It's so easy to proxy that request to MITM... Hopefully it wasn't used for anything important.

Re: I really don't miss VB6

Post by bbguimaraes »

dandymcgee wrote:Lmao, never heard of that. That's a *gaping* security hole. It's so easy to proxy that request to MITM... Hopefully it wasn't used for anything important.
Just spent half an hour heavily searching my brain/the internet, here it is. I recommend reading the entire article. When they say "a comedy of programming errors", they really mean it:
The most serious of the flaws is the use of the unencrypted HTTP connections when the app's cryptographic engine contacts random.org to obtain random numbers used to generate private keys for Bitcoin addresses. Since January, random.org has required the use of the more secure HTTPS protocol and has returned a 301 Moved Permanently response when accessed through HTTP. As a result, vulnerable installations of Blockchain for Android generated the private key corresponding to the address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F, regardless of the address specified by the user.
And that's what protected the bitcoin wallets of users.
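An added illustration of the failure mode in the article excerpt above (not part of the original post and not the app's code): a seed taken from an unchecked HTTP reply is identical on every install once the server answers with a 301 page, while a seed that always includes local CSPRNG output is not. The reply tuples, the hex reply format and all function names are constructed assumptions.

```python
import hashlib
import secrets

# Constructed stand-ins for the remote service's replies (not captured traffic).
OK_REPLY = (200, "5a" * 32)  # assumed format: 32 random bytes as hex text
MOVED_REPLY = (301, "<html><body>301 Moved Permanently</body></html>")


def weak_seed(reply):
    """Model of the flaw: the body becomes key material, status is never checked."""
    _status, body = reply
    return hashlib.sha256(body.encode()).digest()


def hardened_seed(reply, nbytes=32):
    """Local CSPRNG output is always present; remote bytes are optional extra input."""
    local = secrets.token_bytes(nbytes)
    status, body = reply
    remote = b""
    if status == 200:
        try:
            candidate = bytes.fromhex(body.strip())
        except ValueError:
            candidate = b""
        if len(candidate) == nbytes:
            remote = candidate
    # Hash(local || remote) stays unpredictable as long as `local` is,
    # whatever the server (or anyone on the path) sent back.
    return hashlib.sha256(local + remote).digest()


def distinct_seeds(seed_fn, reply, installs=5):
    """Count distinct seeds across independent installs that all get `reply`."""
    return len({seed_fn(reply) for _ in range(installs)})


if __name__ == "__main__":
    print("weak, 301 reply:    ", distinct_seeds(weak_seed, MOVED_REPLY))
    print("hardened, 301 reply:", distinct_seeds(hardened_seed, MOVED_REPLY))
    print("hardened, 200 reply:", distinct_seeds(hardened_seed, OK_REPLY))
```
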

Re: I really don't miss VB6

Post by dandymcgee »

bbguimaraes wrote:
dandymcgee wrote:Lmao, never heard of that. That's a *gaping* security hole. It's so easy to proxy that request to MITM... Hopefully it wasn't used for anything important.
Just spent half an hour heavily searching my brain/the internet, here it is. I recommend reading the entire article. When they say "a comedy of programming errors", they really mean it:
The most serious of the flaws is the use of the unencrypted HTTP connections when the app's cryptographic engine contacts random.org to obtain random numbers used to generate private keys for Bitcoin addresses. Since January, random.org has required the use of the more secure HTTPS protocol and has returned a 301 Moved Permanently response when accessed through HTTP. As a result, vulnerable installations of Blockchain for Android generated the private key corresponding to the address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F, regardless of the address specified by the user.
And that's what protected the bitcoin wallets of users.
Why did I know it was going to be random.org before you even posted this..? Rofl. :nono: