Slashdot Mirror


Due Diligence?

ekr writes "The OpenSSL remote buffer overflows discovered at the end of July got a lot of press here on /. But how many people actually fixed their machines? I decided to study this question, and the results are kind of depressing. Two weeks after the release of the bug, over two thirds of the servers I sampled were still vulnerable. Even two weeks after the Slapper worm was announced, a third of the total servers were vulnerable. The paper can be found here in PDF or Postscript."

4 of 202 comments

  1. this is why... by mr_gerbik · · Score: 5, Funny

    This is why I run Windows 3.11. No worries about falling behind and not installing the latest fixes.

  2. Damn MCSEs by davinciII · · Score: 5, Funny

    See, this is exactly what happens when you hire a bunch of paper MCSEs to run your........

    wait, did you say Linux?

  3. Re:Gentoo! by op00to · · Score: 3, Funny

    >2 minutes? Like an hour?

  4. gah by nomadic · · Score: 3, Funny

    But how many people actually fixed their machines? I decided to study this question, and the results are kind of depressing.

    If you're depressed by that, you might want to see a psychiatrist. I mean, you shouldn't have that kind of reaction to such a minor issue.