Due Diligence?
ekr writes "The OpenSSL remote buffer overflows discovered at the end of July got a lot of press here on /. But how many people actually fixed their machines? I decided to study this question, and the results are kind of depressing. Two weeks after the release of the bug, over two thirds of the servers I sampled were still vulnerable. Even two weeks after the Slapper worm was announced, a third of the total servers were vulnerable. The paper can be found here in PDF or Postscript."
This is why I run Windows 3.11. No worries about falling behind and not installing the latest fixes.
The servers you sampled are administered by MCSEs. Come on now, you know that this has to be the case, because no Linux admin could ever be lazy enough not to patch his system, this is the sole right of a paper MCSE.
Yea that was me pointing at you, the long haired pasty white guy with the god complex. You have become your own worst enemy. You have become lazy and ignorant because no one knew Linux and you could rule. Well, guess what, with getting into the big league comes the price of being exposed.
Better brush up and get on the stick because yes a lot of MCSEs are lazy, no good, paper test taking gimps but you're more dangerous. You take the assumption that you are secure, but as more eyeballs look at your systems as Linux gains marketshare you're going to have the same issues.
Depressing no? Enjoy the ride, you're in the spotlight now my friends just like the Windows guys....get to your patches like a good boy.
Neck_of_the_Woods
#/usr/local/surf/glassy/overhead
See, this is exactly what happens when you hire a bunch of paper MCSEs to run your........
wait, did you say Linux?
It would be fair as well if trojaned software warned us. Some kind of disclaimer like "The software you are about to install is trojaned. Would you like to continue? [Yes|No]". This way we would sleep better at night actually *knowing* that our server got rooted.
>2 minutes? Like an hour?
... that keeps probing my servers!!
But how many people actually fixed their machines? I decided to study this question, and the results are kind of depressing.
If you're depressed by that, you might want to see a psychiatrist. I mean, you shouldn't have that kind of reaction to such a minor issue.