Skip to content

Month: April 2018

Things you cannot say on Facebook, SQL Edition

Where I work, I am using an instance of Facebook at Work to communicate with colleagues. That is basically a grey-styled instance of Facebook which is supposed to run a forked codebase on isolated servers.

Today, it would not let me write the following SQL in Chat, in Facebook notes or comments:

Other versions of the error message complain about it being Spam, or mention the string sd.date as being problematic.

Why is that?

14 Comments

beep, patch and ed

So a few days ago, somebody found an exploit in beep – now CVE-2018-0492. beep is a program that is part of Debian (and Ubuntu) to have the PC speaker multiple times, at different frequencies, with different pauses and beep lengths. That works just fine.

It’s also SUID root.

There is zero code in it that deals with the fact that it may run privileged. The author confidently writes:

Leave a Comment