back to article Sophos' putrid patch snuffs Citrix kit, kills call centre

A Sophos Web Appliance update has crashed users' PC fleets including knocking offline the Australian call centre of a global company for two days after support was quietly revoked for SSL 3.0 ciphers used in Citrix Receiver. The British security firm pushed out update version 4.0.2.3 last week to correct four non-critical …

  1. Ole Juul

    security

    He says that upgrade would normally be planned and coordinated in advance.

    So there's a vulnerability in their planning and coordination which needs to get patched as well.

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Re: security

      Wuh?

  2. nowster

    And how long have they been putting off an upgrade to their call centre's database front end so that it uses protocols newer than SSLv3? Did they even plan one? Are they still using an ancient version of Internet Explorer with Citrix?

    1. SleepyUK

      If you use Citrix secure gateway (as many still using XenApp 6.5 do) you're limited to TLS 1.0 at best, disabling SSLv3 can be a pain, as CSG ignores the usual reg keys and can be temremental / require some fettling to get it reliably using TLS 1.0 only.

      Given that CSG is effectively a re-badged apache instance, acting as a proxy, it's poor showing for Citrix to avoid supporting TLS 1.1 and 1.2 for existing customers.

  3. Mad Chaz
    Childcatcher

    Well, consider the following.

    Most citrix setup, especially in a call center, aren't internet facing. This means they aren't exposed to the internet. So the kind of encryption used in the connection, if it's going over LAN, is relatively unimportant. So patching for a SSL vulnaribility isn't that much of a security priority.

    The vendor did not provide the complete information on the patch. More specifically, on a component of the patch they should have known could cause very big issues.

    While I can't condone the corporate policy of always having the oldest software you can get away with, the vendor is really who failed here.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020