How not to handle a critical security vulnerability (Zamfoo - cont.)
-
Continuing the discussion from Unicode (of course):
It's ctrl+shift+E [for Firefox's tab grouping]
Ah - forgot about that... Just tried it, and found some old tabs I had lying around....
It appears that the software mentioned over here (Zamfoo), is still walking around like a zombie nearly a year later.
Summary for those late to the party:
[quote=""]
[from concerned netizens]
We reported two critical security vulnerabilities to Zamfoo approximately two weeks ago and they have not yet issued a patch and/or appear to even be working on it! I bumped them today looking for an update to which they replied:Quote: [from author of the software]
Not at this time. They are in queue to be worked on.
To put the two security flaws into perspective, anyone running Zamfoo right is at risk of having their servers rooted in literally a matter of seconds. The notion that Zamfoo isn't taking these security flaws serious is insulting to the community and therefor, per our internal policy, we will be issuing a working proof of concept within 24 hours from now that will allow anyone to gain root access.
Pardon the caps, the bold and the red, but I need to make this very clear to everyone running Zamfoo because you are going to be at an insane risk come tomorrow:
UNINSTALL THE SOFTWARE RIGHT NOW.
[/quote]Author of software effectively tells reports to FOAD and things go sharply downhill from there.
-
Please warn me in the future when you're linking to a thread where @ben_lubar is talking about vaginas.
I feel sick now.
-
Hey, it's my birthday in twelve days!
-
Hey, it's my birthday in twelve days!
Oh, I didn't get you anything.
Filed under: And I'm not going to.
-
Hey, it's my birthday in twelve days!
Will you be 12 years old finally?
Edited: Fixed spelling.
-
I will be 12 days old.
-
This will continue to happen for as long as people can keep selling insecure software and refusing to fix it with no legal repercussions at all.
-
Page 15 of the WHT thread. Second post. Do you see what I see?
-
Ah, so it should be mikeTheLawyer? It all makes sense now.
