Worm wriggles through year-old flaw, builds zombie-net A new worm doing the rounds is turning servers running older versions of the JBoss Application Server into botnet drones. The malware behind the attack is significant both because it targets servers rather than PCs and for its reliance on exploiting a vulnerability that is over a year old – a flaw in JBoss Application Server …
I have just finished a series of security awareness presentations in regional offices and highlighted how long it took mobile phone network providers to force people to put a pin on voicemail before it could be accessed from another phone, 4-5 years, i.e. you cannot trust manufacturers to fix security weaknesses in a timely manner.
Red Hat fixed this quickly, but admins failed to patch, so while we can moan about industry being slow to respond, we need to look to ourselves as well. There was probably a false sense of security in that linux is is not often a terget, but these days, everyone is a target and when there is a security patch released, there should be someone applying it.
It could also be that outsourced code is crap.
Some a-hole lies to the headshop about his skillz then the headshop lies to the contract holder about the skill sets their code slaves have on tap. Then someones cousin steals the code off of the Internet and it takes the whole village to make something that looks like it works.
Outsourcing is phenomenally stupid idea. Unless you want to make room for bonus $$$ and want to kill the company.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
