Cache Servers Keeping Exploit Code Alive

← Back to Stories (view on slashdot.org)

Cache Servers Keeping Exploit Code Alive

Posted by ryuzaki0 on Thursday October 12, 2006 @07:10AM from the night-of-the-living-exploit dept.

1960's architecture writes, "At last some evidence that exploit code is hiding on servers used to cache website content. According to Techworld, Israeli outfit Finjan has come up with evidence that real exploits have hidden on cache servers used by large search engines, effectively extending their life for periods of weeks after the original website had been taken down. The exploits detailed are from 2003-2004, but the principle would still apply to any exploit website around today, and any cache servers used by any one of the three unnamed search engines. It's almost literally malware 'life after death.'"

8 of 68 comments (clear)

Min score:

Reason:

Sort:

What about e-muggers? by celardore · 2006-10-12 07:24 · Score: 2, Funny

Hey sucka, gimme your cache!
More needs to be done by nickheart · 2006-10-12 07:28 · Score: 3, Funny

... and think of all those old hard disks with exploits on them. We need to go to the dump and degauss all of them, NOW! C'mon people, this is a security issue.
gimme a break, a cache is a cache, it's supposed to have old information, even if that information is wrong, or destructive.
Re:news to me by geoffspear · 2006-10-12 07:31 · Score: 3, Funny

If by "like the live sites" you mean "not at all", then yes, they're scanned exactly the same.

--
Don't blame me; I'm never given mod points.
Re:news to me by Anonymous Coward · 2006-10-12 07:43 · Score: 1, Funny

i know the caching is an automated process, but the caches themselves aren't scanned for malware/code exploits like the live sites?

Ours are. We have an army of pixies and an ostrich called Sam who painstakingly audit and review everything we store on our web caches. We chose pixies because they're quite small and we can pack them tightly to get the density up. Real world IT solutions rarely scale up to enterprise performance without squashing a few little folk and sometimes it can be fun to squash a few anyway. We got the ostrich because we were tired of sticking our own necks out, he's since become an adept systems administrator and effective manager. In fact, Sams cache purges and disk quota enforcement are the stuff that legends are made of.
on with the slashdot mantra by russ1337 · 2006-10-12 07:51 · Score: 2, Funny

Its important to cache, so you can find jems like this!
1. Re:on with the slashdot mantra by Anonymous Coward · 2006-10-12 08:33 · Score: 1, Funny
  
  digg FTW!!!
  
  site:digg.com "i for one welcome our new" overlords
  Results 1 - 10 of about 1,290
Almost literally? by tobiasly · 2006-10-12 08:51 · Score: 5, Funny

It's almost literally malware 'life after death.'

But is it almost literally, or literally almost? What would make it true life after death? (Literally)
Like Joe Rogan said by Lord+Kano · 2006-10-12 09:51 · Score: 5, Funny

Trying to get something off of the internet is like trying to get pee out of a pool.

Why not just patch the vulnerabilities? If publishers would fix their shortcomings then it wouldn't be an issue.

LK

--
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano