Sophos pulls out spade, fills in holes in Web Appliance Sophos has pulled out the weeds in its web-scanning software after Core Security identified multiple holes in its Web Protection Appliance versions 3.8.0, 3.8.13 and 3.7.9 and earlier. The Core Security advisory states that if a remote attacker can gain access to the appliance's web administrator interface, the attacker could …
"he doesn't work there any more."
So?
E.g. that minor detail doesn't seem to have removed him from the BBC's phone book when they need a rentaquote on "computer security".
E.g. he was on BBC R4 Today a few days ago doing 30 seconds or so on NSA/GCHQ having broken internet commerce security (but not on omnisurveillance, obviously, as the BBC have a D Notice to observe).
$company has pulled out the weeds in its $some.software after $third.party identified multiple holes in its $doesn't.do.what.it.says.on.the.tin. The $third.party states that if a remote attacker can gain access to the $doesn't.do.what.it.says.on.the.tin interface, the attacker could execute arbitrary commands and gain root privileges. Didn't they pick this up when they tried to hack the device, they did try and hack the device before relesing it, didn't they.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
