.. it's just plain stupid
Updated, see below.
In a previous post I talked about a security risk my colleagues and I had discovered with a relatively widespread web application. Apparently the cms is not widespread enough or the web masters, whom I notified of the problem on their sites, do not think it a problem that clever bad guys can go in and completely destroy their site.
It may be a choice for the web masters to ignore my message. (Maybe it even got trapped in an over eager spam filter.) But a decision to do nothing is a decision as well. It can be well thought about decision, but in my opinion it is plain stupid to leave your system vulnerable when the protection for that vulnerability is so simple.
What bothers me most
The thing that bothers me most that the supplier of the software, Ektron has not done anything.
So here I am thinking should I warn them again?
Update [13 March 2006]
Ektron has taken notice and is taking action, read this.
No comments:
Post a Comment
Thanks for you comment. I will probably have to moderate it, so it could take some time to see it appear on the blog, but I am usually quite fast at that.
When I feel that you are commenting just to get some link spam to your own site,you will probably never see it appear ..