back to article Sophos pulls out spade, fills in holes in Web Appliance

Sophos has pulled out the weeds in its web-scanning software after Core Security identified multiple holes in its Web Protection Appliance versions 3.8.0, 3.8.13 and 3.7.9 and earlier. The Core Security advisory states that if a remote attacker can gain access to the appliance's web administrator interface, the attacker could …

COMMENTS

This topic is closed for new posts.
Silver badge

You have to wonder if a web admin interface is the way to go with security software.

1
0
Anonymous Coward

I'd love to know...

...what Graham Clueless (sic) has to say about that.

3
1
Anonymous Coward

Re: I'd love to know...

Nothing terribly relevant, I wouldn't imagine. Seeing as he doesn't work there any more.

1
0
Anonymous Coward

Re: I'd love to know...

"he doesn't work there any more."

So?

E.g. that minor detail doesn't seem to have removed him from the BBC's phone book when they need a rentaquote on "computer security".

E.g. he was on BBC R4 Today a few days ago doing 30 seconds or so on NSA/GCHQ having broken internet commerce security (but not on omnisurveillance, obviously, as the BBC have a D Notice to observe).

0
0

Doesn't do what it says on the Tin.

$company has pulled out the weeds in its $some.software after $third.party identified multiple holes in its $doesn't.do.what.it.says.on.the.tin. The $third.party states that if a remote attacker can gain access to the $doesn't.do.what.it.says.on.the.tin interface, the attacker could execute arbitrary commands and gain root privileges. Didn't they pick this up when they tried to hack the device, they did try and hack the device before relesing it, didn't they.

0
0
This topic is closed for new posts.

Forums