05-10-2017, 10:23 AM
|
 |
CC Member
|
|
|
Join Date: Jul 2004
Location: Phoenix area,
az
Cobra Make, Engine: ERA FIA, 396 Windsor Stroker (Formerly: Unique 427 powered by a 351W with mysterious innards)
Posts: 264
|
|
Not Ranked
Quote:
Originally Posted by moore_rb
Meanwhile,
Robert has been working 10-14 hour days for the past 2 weeks straight, writing new traffic detection patterns for inline web application firewalls, and re-orienting SSL termination points up into shallower border crossing points within the corporate DMZ architecture; in order to trap, isolate, and remediate a pernicious security vulnerability which extends from implementing Struts RCE in Apache webserver....
And I've been viciously berating every brain-dead software developer (and their Management) over every true-positive hit I get for Struts RCE, anywhere in the layered product footprint...They can't hide. I have the ability to run TCPDUMP directly on their servers- Wireshark shows me everything I need to see. Some of these idiots even had the RCE listener activated, when they didn't even have a configured servlet bound to the listening port... Morons.
Of course, I've been preaching to our Senior Management about the inherent risk to using open-source application frameworks since 2006- These Ass-Clowns should have redesigned their Java crap away from Struts, and into one of the more up to date MVH hierarchies, a looooooong time ago.
Nobody ever listens to me... It's like I'm speaking a foreign language, or something. 
Oh, and my Cobra has a dead battery. |
Everyone needs a place to vent. Corporations (and banks especially) using open source software are just asking for trouble. ("But it's practically free!")
__________________
The old saw says ‘If you want a thing done right, do it yourself.’ The true statement is ‘If you want it done your way, do it yourself.’ There are many flavors of ‘right’.
|
2Likes
Threaded Mode
