zlacker

> C and C++ has been failing us for decades yet we continue to use such unsafe stacks.

I'm not sure — what do C and C++ have to do with this?

>>mattri+(OP)
They are not memory safe by design. See: https://xeiaso.net/blog/series/no-way-to-prevent-this/

Of course all languages can produce insecure binaries, but C/C++ buffer overflows and similar vulnerabilities are likely what AlgebraFox refers to.

>>timcam+J
> They are not memory safe by design

I'm aware of that, but the C/C++ thing seemed more like a rant, hence my question.

I've searched up the malware and it doesn't seem to use memory exploitation. Rust is not going to magically protect you against any security issue caused by cloud misconfiguration.

>>mattri+j1
What is the point you're trying to make here? Are you waiting for some malware that exploits a buffer overrun to infect you before conceding that C/C++ is a terrible choice for memory-safe code?

>>lopken+A3
It just seems totally unrelated to this post.

>>mattri+j1
I think it was a rant, but still related to the post. Its point is that we need to minimize the attack surface of our infrastructure, even at home. People tend to expose services unintentionally, but what's so bad about that? After all, they are password protected.

Well, even when these exposed services are not built to cause harm or provide admin privileges, like all software they tend to not be memory secure. This gives a lucky attacker a way in from just exposing a single port on the network. I can see where comments on memory unsafe languages fit in here, although vulnerabilities such as XSS also apply no matter what language we build software with.