Slashdot Mirror

← Back to Stories (view on slashdot.org)

Due Diligence?

Posted by michael on Friday November 15, 2002 @10:38AM from the postscript-always-a-nice-touch dept.

ekr writes "The OpenSSL remote buffer overflows discovered at the end of July got a lot of press here on /. But how many people actually fixed their machines? I decided to study this question, and the results are kind of depressing. Two weeks after the release of the bug, over two thirds of the servers I sampled were still vulnerable. Even two weeks after the Slapper worm was announced, a third of the total servers were vulnerable. The paper can be found here in PDF or Postscript."

1 of 202 comments (clear)

Min score:

Reason:

Sort:

Re:Securing OpenSSL by Flowers · 2002-11-15 12:03 · Score: 0, Offtopic

Windows Update is a trojan. </obligatory aniti-MS sentiment>

--
Somehow, detached from my actual behavior, this innocence burdens me still.