back to article Got a Sophos Web Protection box? Make sure it's up to date

Sophos has plugged security holes in its Web Protection Appliance that could place its customers' internet connections in the hands of eavesdroppers. The equipment is supposed to filter out suspicious or harmful web traffic for businesses. But the flaws allowed any unauthenticated user to access sensitive configuration files in …

COMMENTS

This topic is closed for new posts.

Well done all round

Seems like everyone was very grown up about it.

Studied, found, reported, fixed, deployed, thanked.

No one unleashed the WTFBBQLawyerMissiles! Or went to the blackhats or greyhats to embarrass someone.

Wonder why others make it so 'dramatic'?

0
0

Re: Well done all round

Well done? It seems to me that they haven't done what they are preaching. When will people understand that the applications these 'security companies' try to sell are no more secure than any other application out there.

I for one think that the security industry needs a security industry.

3
0
Anonymous Coward

Re: Well done all round

-> "...and will be made available to all remaining customers on April 1."

Perfectly timed?

0
0

Shakes head

Is it actually possible to create an OS/app/device/appliance or website/etc that does not have security holes in it? You'd think that large corporations who specifically operate in the subject area would know what they are doing, .... but no. I'd have thought that all the potential security vulnerabilities would be known and understood by now?

0
0

Re: Shakes head

What I find hilarious is that they wrote the interface in PHP and named it 'web protector', the ironic-meter goes off the scale on that one.

1
0

Re: Shakes head

Sophos is a company that _claims_ to know about security. Not a company that actually knows about security.

Yes you can drastically reduce the number of security holes by carefully engineering the software and by making sure your developers understand the problem of security. Typically companies don't bother with that.

1
0

Re: Shakes head

You can no more create a system with zero vulnerabilities than you can create a perpetual motion machine. The idea is to minimize them and correct them when they are located.

3
0