|
|
|
April 1st, 2008
09:27 am - Grrr
A server gets hacked, we are asked to help. The FBI tells us that a piece of software on the server has a vulnerability, but won't say what it is. I find a unique phrase that identifies installations of this software, and Google the phrase. Close to three million matches. The number of actual installations will be smaller than that, the phrase appears on multiple pages in an installation, but there are still a hell of a lot of people running this popular piece of open source software.
I'm pretty annoyed, because if we knew what the hole was, we could probably patch it. As it is, we're going to take the software off the server until a resolution is found. Meanwhile, I've contacted the software's authors to see if they are aware of the vuln and to see if they have a patch forthcoming. If they do, I won't say anything. If they are not helpful or are not responsive, I'm publishing what I know to the 'net at large, so people can protect themselves.
|
Comments:
Well, there's the FBI for ya. They want your help, but aren't willing to help you figure out what it is that's lost or needs fixing! =P I think you would do the right thing if they don't decide to be helpful.
Oh and by the way, I am TOTALLY jealous of the lenses you have that you previously posted. I need more money, I want those! Haha.
![[User Picture]](http://p-userpic.livejournal.com/59314485/168026) | | From: | ![[info]](http://p-stat.livejournal.com/img/userinfo.gif) misterx |
|---|
| Date: | April 1st, 2008 03:31 pm (UTC) |
|---|
| | | (Link) |
|
the lenses were a long time coming, so don't be too jealous.
Of course, it will probably turn out that the FBI is talking about a hole that was patched three years ago. the wheels of bureaucracy turn sloooooowly, after all.
| | From: | misterx |
|---|
| Date: | April 3rd, 2008 03:54 pm (UTC) |
|---|
| | | (Link) |
|
nope. |
|
|
|
|
LiveJournal.com |
