Slashdot Mirror


Due Diligence?

ekr writes "The OpenSSL remote buffer overflows discovered at the end of July got a lot of press here on /. But how many people actually fixed their machines? I decided to study this question, and the results are kind of depressing. Two weeks after the release of the bug, over two thirds of the servers I sampled were still vulnerable. Even two weeks after the Slapper worm was announced, a third of the total servers were vulnerable. The paper can be found here in PDF or Postscript."

1 of 202 comments (clear)

  1. The Barcella method saved my bacon by HamNRye · · Score: 1, Troll

    Wow, I just read this after reading that article about sh*tty programming, and Michael Barcella saved my bacon. I have decided not to install any patches because:

    I can't understand what the he** this program is doing. It's all just "use stdio.h"... WTF?? You wackos can read this stuff??

    It is not written in perl, ruby, python, JavaScript or some other high level language. MB told me that C/C++ is evil. I believe him.

    While I was trying to read it, a friend came up and pointed at the screen. Rule #3, no pointers.

    Finally, I did not see the official seal of the united states in the upper left corner of my text editor. I never do, but after reading MB's column, I look for it.

    However, I can't post this message because I am leaving the inet services off until I can understand all of the source for my TCP-IP stack. After that, I'm gonna tackle the source for Telnet.

    WooT!
    ~Hammy