Wednesday, March 08, 2006

Security: ignorance is not bliss

.. it's just plain stupid

Updated, see below.

In a previous post I talked about a security risk my colleagues and I had discovered with a relatively widespread web application. Apparently the CMS is not widespread enough, or the web masters, whom I notified of the problem on their sites, do not think it a problem that clever bad guys can go in and completely destroy their site.

It may be a choice for the web masters to ignore my message. (Maybe it even got trapped in an overeager spam filter.) But a decision to do nothing is a decision as well. It can be a well-thought-out decision, but in my opinion it is plain stupid to leave your system vulnerable when the protection for that vulnerability is so simple.

What bothers me most

The thing that bothers me most is that the supplier of the software, Ektron, has not done anything.

So here I am, thinking: should I warn them again?

Update [13 March 2006]

Ektron has taken notice and is taking action; read this.