| ▲ | londons_explore 4 hours ago |
| Didn't realise this was some historic evil script and not some active attacker who could change tack at any moment. That makes the fix pretty easy. Write a regex to detect the evil script, and revert every page to a historic version without the script. |
|
| ▲ | jl6 an hour ago | parent | next [-] |
| Letting ancient evil code run? Have we learned nothing from A Fire Upon the Deep?! |
| |
| ▲ | HoldOnAMinute 34 minutes ago | parent | next [-] |
| "It was really just humans playing with an old library. It should be safe, using their own automation, clean and benign. This library wasn't a living creature, or even possessed of automation (which here might mean something more, far more, than human)." |
|
| ▲ | varenc 27 minutes ago | parent | prev | next [-] |
| Link to the Prologue of Fire Upon the Deep: https://www.baen.com/Chapters/-0812515285/A_Fire_Upon_the_De... It's very short and from one of my favorite books. Increasingly relevant. |
|
| ▲ | edoceo 44 minutes ago | parent | prev | next [-] |
| I've only just heard of it. But, I already knew to not run random scripts under a privileged account. And thank you for the book suggestion - I'm into those kinds of tales. |
|
| ▲ | xeromal 17 minutes ago | parent | prev [-] |
| I love that book |
|
|
| ▲ | Melatonic 14 minutes ago | parent | prev | next [-] |
| Or just restore from backup across the board. Assuming they do their backups well this shouldn't be too hard (especially since it's currently in Read Only mode which means no new updates) |
|
| ▲ | observationist 36 minutes ago | parent | prev | next [-] |
| Are you sure?
Are you $150 million ARR sure?
Are you $150 million ARR, you'd really like to keep your job, you're not going to accidentally leave a hole or blow up something else, sure? I agree, mostly, but I'm also really glad I don't have to put out this fire. Cheering them on from the sidelines, though! |
|
| ▲ | jacquesm 3 hours ago | parent | prev [-] |
| True but it does say something that such a script was able to lie dormant for so long. |
| |
| ▲ | outofpaper 2 hours ago | parent [-] |
| Why would anyone test in production???!!! |
|
| ▲ | HoldOnAMinute 33 minutes ago | parent | next [-] |
| There are plenty of ways to safely test in production. For one thing you need to limit the scope of your changes. |
|
| ▲ | fifilura 2 hours ago | parent | prev | next [-] |
| I have never heard of this kind of insane behaviour before. |
|
| ▲ | ninth_ant an hour ago | parent | prev [-] |
| Selecting the wrong environment in your test setup by mistake? I refuse to believe that someone on the security team intentionally tested random user scripts in production on purpose. |
|
| ▲ | irishcoffee 37 minutes ago | parent [-] |
| > I refuse to believe that someone on the security team intentionally tested random user scripts in production on purpose. |
| Do I have a bridge to sell you, oh boy |
|
|
|