back to article Got a Sophos Web Protection box? Make sure it's up to date

Sophos has plugged security holes in its Web Protection Appliance that could place its customers' internet connections in the hands of eavesdroppers. The equipment is supposed to filter out suspicious or harmful web traffic for businesses. But the flaws allowed any unauthenticated user to access sensitive configuration files …

COMMENTS

This topic is closed for new posts.
  1. Ian 62
    Pint

    Well done all round

    Seems like everyone was very grown up about it.

    Studied, found, reported, fixed, deployed, thanked.

    No one unleashed the WTFBBQLawyerMissiles! Or went to the blackhats or greyhats to embarrase someone.

    Wonder why others make it so 'dramatic'?

    1. Anonymous Coward
      WTF?

      Re: Well done all round

      Well done? It seems to me that they haven't done what they are preaching. When will people understand that the applications these 'security companies' try to sell are no more secure than any other application out there.

      I for one think that the security industry needs a security industry.

      1. Anonymous Coward
        Anonymous Coward

        Re: Well done all round

        -> "...and will be made available to all remaining customers on April 1."

        Perfectly timed?

  2. frank ly

    Shakes head

    Is it actually possible to create an OS/app/device/appliance or website/etc that does not have security holes in it? You'd think that large corporations who specifically operate in the subject area would know what they are doing, .... but no. I'd have thought that all the potential security vulnerabilities would be known and understood by now?

    1. Anonymous Coward
      Anonymous Coward

      Re: Shakes head

      What i find hilarious is that they wrote the interface in php and named it 'web protector', the irconic-meter goes off the scale on that one.

    2. Christian Berger

      Re: Shakes head

      Sophos is a company that _claims_ to know about security. Not a company that actually knows about security.

      Yes you can drastically reduce the number of security holes by carefully engineering the software and by making sure your developers understand the problem of security. Typically companies don't bother with that.

    3. Don Jefe

      Re: Shakes head

      You can no more create a system with zero vulnerabilities than you can create a perpetual motion machine. The idea is to minimize them and correct them when they are located.

This topic is closed for new posts.

Other stories you might like

Biting the hand that feeds IT © 1998–2022