Slashdot Mirror


FireEye Tries to Bury Keynote Reporting That It Ran Apache As Root On Security Servers

An anonymous reader writes: Leading network security company FireEye, which has customers in government and the Fortune 500 list, has caused a controversy at a London security conference today after its legal attempts to stop a keynote speech detailing the repair of major security loopholes in its customer-facing systems this year. Reported among these now-fixed vulnerabilities was the running of a significant number of FireEye's Apache-based security servers as 'root' — meaning that any attacker able to compromise the servers would have had absolute power over all its operations and commercial connections.

2 of 108 comments

  1. Amusing coincidence... by bob_super · Score: 3, Interesting

    I was just staring at Process Explorer, wondering why my company decided that the FireEye policy would allow it to max out one of my cores in the middle of the afternoon.

  2. Clickbait Headlines by Anonymous Coward · Score: 2, Interesting

    So looking at this in depth, it looks like FireEye has already publicly disclosed said vulnerabilities after fixing them months ago. They then try to stop the presentation because it allegedly reveals too much of their IP (which is itself worth discussing but totally separate) and we get a bunch of headlines saying "ZOMG! FireEye is trying to silence people for revealing vulnerabilities!". This is trigger-happy, bullsh*t journalism at its finest. Not quite accurate or informative but just close enough to get people prematurely worked up in a tizzy for page views.