
05-10-2017, 10:23 AM
CC Member
Join Date: Jul 2004
Location: Phoenix area, AZ
Cobra Make, Engine: ERA FIA, 396 Windsor Stroker (Formerly: Unique 427 powered by a 351W with mysterious innards)
Posts: 264
Quote:
Originally Posted by moore_rb
Meanwhile, Robert has been working 10-14 hour days for the past 2 weeks straight, writing new traffic detection patterns for inline web application firewalls, and re-orienting SSL termination points up into shallower border crossing points within the corporate DMZ architecture, in order to trap, isolate, and remediate a pernicious security vulnerability which extends from implementing Struts RCE in Apache web server...
And I've been viciously berating every brain-dead software developer (and their Management) over every true-positive hit I get for Struts RCE, anywhere in the layered product footprint... They can't hide. I have the ability to run TCPDUMP directly on their servers; Wireshark shows me everything I need to see. Some of these idiots even had the RCE listener activated when they didn't even have a configured servlet bound to the listening port... Morons.
Of course, I've been preaching to our Senior Management about the inherent risk of using open-source application frameworks since 2006. These Ass-Clowns should have redesigned their Java crap away from Struts, and into one of the more up to date MVH hierarchies, a looooooong time ago.
Nobody ever listens to me... It's like I'm speaking a foreign language, or something.
Oh, and my Cobra has a dead battery.
Everyone needs a place to vent. Corporations (and banks especially) using open source software are just asking for trouble. ("But it's practically free!")
__________________
The old saw says ‘If you want a thing done right, do it yourself.’ The true statement is ‘If you want it done your way, do it yourself.’ There are many flavors of ‘right’.