Cisco Patches Authentication, Denial-of-Service, NTP Flaws In Many Products

itwbennett writes: Cisco Systems has released a new batch of security patches for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls. The RV220W vulnerability stems from insufficient input validation of HTTP requests sent to the firewall's Web-based management interface. This could allow remote unauthenticated attackers to send HTTP requests with SQL code in their headers that would bypass the authentication on the targeted devices and give attackers administrative privileges.

Input validation does not cause SQLi

[WaffleMonster]

The only cause of SQLi is gross incompetence. It can never be caused by an accident or failure to do something.

It can only caused by willful and deliberate action to do something you know or should know to be wrong, stupid and dangerous at the time you did it. Unbound query strings don't build themselves.

Re: Hey timothy

[drinkypoo]

Come on. Show some compassion. People losing their jobs is not something to be so cavalier about, regardless of your opinions of them.

Yes, yes it is, because they were shit at their fucking jobs. In a world in which there are so many people homeless, jobless, hopeless, it's fucking pathetic to see people phone in their job like they can't be arsed to give one tenth of one fuck. That's especially true in tech, where more and more workers are losing their jobs even when they do them.

If they were good at their jobs, or even made more than a token effort, then we would miss them. They were shit, and they shit up Slashdot, and if you miss them, you're part of the fucking problem because you've been giving them a free pass for their shit work. Why would I miss an employee with no work ethic?