Still losing sleep over that awful Citrix bug? This scanner is here to help... you realize you've already been pwned

Citrix and FireEye have released a new security tool to help admins find out if their servers have been hacked via the high-profile CVE-2019-19781 flaw that was disclosed in December but only patched on Monday. The free application, shared under the Apache 2.0 open-source license, will scan devices for indications of …

  1. Anonymous Coward

    Update time again

    The bug's been fixed, no need to worry - except a "bug fix" leading to a software update is just one bug fixed moved somewhere less harmful for the moment. Code is super buggy these days, virtually every app on my phone updates every week - what does that tell us about the codeine (sic) quality these days?

    I don't lose sleep over bugs like this, there's no point because there will be another bug somewhere else in the morning.

  2. GnuTzu Silver badge

    "Code is super buggy these days..." That point is worthy of comment. Once upon a time, one would have hoped for some logarithmic leveling off of bug growth. But, today's code growth, in fact code library growth, does not appear to be linear. Big-O notation for it is likely a bit messy, either polynomial, exponential, or the product thereof. So, what does that say for bug growth? Anyone got any solid statistics for identifying a trend?

    1. This post has been deleted by its author

  3. Nate Amsden

    this is a good bug

    I often comment about how I am not concerned about many of the bugs, especially the Spectre type information leaking types, as overblown because I believe in the vast majority of cases they are. This Citrix bug is good though. Too bad Citrix was not able to respond with a full fix quicker; I wonder if this bug is how Citrix themselves got hacked a while back. I have been using Netscalers since about 2011 (before that used F5 mainly), and was quick to get the workaround in and then patch the systems I have when the patch came out (using 11.1 code). That Pulse Secure bug last year was good too (affected by that as well).

    1. Claptrap314 Silver badge

      Re: this is a good bug

      I was in an interview last week for the first time I said, "With your workloads, you should be aware that you don't need to defend against Spectre if all of the code on a box is yours." The response? "Yes, and we don't."

      I do hope they make an offer.

Biting the hand that feeds IT © 1998–2020