 

05-10-2017, 07:42 AM
CC Member
Join Date: Aug 2015
Cobra Make, Engine: All original, with Chevy engine since 1964
Posts: 996
Meanwhile,
Robert has been working 10-14 hour days for the past 2 weeks straight, writing new traffic detection patterns for inline web application firewalls, and re-orienting SSL termination points up into shallower border crossing points within the corporate DMZ architecture; in order to trap, isolate, and remediate a pernicious security vulnerability which extends from implementing Struts RCE in Apache webserver....
And I've been viciously berating every brain-dead software developer (and their Management) over every true-positive hit I get for Struts RCE, anywhere in the layered product footprint...They can't hide. I have the ability to run TCPDUMP directly on their servers- Wireshark shows me everything I need to see. Some of these idiots even had the RCE listener activated, when they didn't even have a configured servlet bound to the listening port... Morons.
Of course, I've been preaching to our Senior Management about the inherent risk to using open-source application frameworks since 2006- These Ass-Clowns should have redesigned their Java crap away from Struts, and into one of the more up to date MVH hierarchies, a looooooong time ago.
Nobody ever listens to me... It's like I'm speaking a foreign language, or something.
Oh, and my Cobra has a dead battery.
__________________
- Robert

05-10-2017, 08:40 AM
CC Member
Join Date: Feb 2008
Location: Paradise Valley, Az
Cobra Make, Engine: FFR MK3/302/570 street avenger
Posts: 1,348
Sounds like you need to get out more! Maybe take a drive??
At very high speeds!!!!!!
Last edited by Scotchman; 05-10-2017 at 08:41 AM..
Reason: add

05-10-2017, 09:23 AM
CC Member
Join Date: Jul 2004
Location: Phoenix area, az
Cobra Make, Engine: ERA FIA, 396 Windsor Stroker (Formerly: Unique 427 powered by a 351W with mysterious innards)
Posts: 264
Quote:
Originally Posted by moore_rb
Meanwhile,
Robert has been working 10-14 hour days for the past 2 weeks straight, writing new traffic detection patterns for inline web application firewalls, and re-orienting SSL termination points up into shallower border crossing points within the corporate DMZ architecture; in order to trap, isolate, and remediate a pernicious security vulnerability which extends from implementing Struts RCE in Apache webserver....
And I've been viciously berating every brain-dead software developer (and their Management) over every true-positive hit I get for Struts RCE, anywhere in the layered product footprint...They can't hide. I have the ability to run TCPDUMP directly on their servers- Wireshark shows me everything I need to see. Some of these idiots even had the RCE listener activated, when they didn't even have a configured servlet bound to the listening port... Morons.
Of course, I've been preaching to our Senior Management about the inherent risk to using open-source application frameworks since 2006- These Ass-Clowns should have redesigned their Java crap away from Struts, and into one of the more up to date MVH hierarchies, a looooooong time ago.
Nobody ever listens to me... It's like I'm speaking a foreign language, or something.
Oh, and my Cobra has a dead battery.
|
Everyone needs a place to vent. Corporations (and banks especially) using open source software are just asking for trouble. ("But it's practically free!")
__________________
The old saw says ‘If you want a thing done right, do it yourself.’ The true statement is ‘If you want it done your way, do it yourself.’ There are many flavors of ‘right’.

05-11-2017, 07:33 AM
CC Member
Join Date: Aug 2015
Cobra Make, Engine: All original, with Chevy engine since 1964
Posts: 996
Quote:
Originally Posted by Danr55
Rob, approach from a different flank. Make them think it's their idea.
|
Yeah, I can't do that... I've tried in the past, and it just leaves me feeling "slimy"... I have an ethical conundrum with allowing the credit for accomplishment to be afforded to those whose sole contribution to the effort was that they "Ask the tough (aka dumb) questions". It's a character flaw on my part, I'm sure.
Quote:
Originally Posted by nniets
Everyone needs a place to vent. Corporations (and banks especially) using open source software are just asking for trouble. ("But it's practically free!")
|
Don't get me started again, Stein...  To be fair, all this stuff is 3rd tier, non-core, internal use software (mostly workflow and queue management stuff)- really dry, uninteresting, boring... Using open source for this stuff wasn't necessarily wrong, they just didn't keep up with the house-keeping.
It's like these guys never changed their anti-freeze, and when the freeze plugs rusted out and started leaking, all they could tell me was "We don't know why they're leaking; The engine had brand new freeze plugs when we installed it in the car, 300,000 miles ago"....  )
__________________
- Robert