Pathetic patching leaves over 70,000 Memcached servers still up for grabs

If you're running the caching service Memcached, and particularly if you're exposing it to the public internet for some reason, please make sure you've patched it. Tens of thousands of vulnerable systems haven't. Back in October, researchers at Cisco’s Talos security team found three major security vulnerabilities that would …

  1. David Roberts Silver badge
    Happy

    Made me look

    First written in Perl then rewritten in C. Old school.

    1. sabroni Silver badge

      Re: First written in Perl then rewritten in C.

      Why's that? Not enough potential for buffer overruns in Perl?

  2. Platypus

    Is it just me, or does the idea of running an internet-accessible memcached server already seem insane?

    1. Nate Amsden

      I'd wager most are on public clouds run by people who don't know what they are doing. Which I suspect makes up at least 70% of the public cloud customers out there.

      At least with your own facilities even if you don't patch it's highly likely the systems are behind a firewall or at least a NAT device not being directly exposed to the interwebs.

      Didn't even know memcache had authentication myself until this article. All the apps I have seen built with it over the past 10 years have not used that ability.

  3. Anonymous South African Coward Silver badge

    Ne'er-do-wells will be exploiting that - and only then will things be patched.

    Problem is you don't know when they'll be slamming the unpatched servers.

  4. Anonymous Coward

    I'm sure we'll be fine, we're using...oh..1.4.14. Yeah, better get on that.

    1. Alistair
      Joke

      @ AC:

      Do remember to restart it. Cuz, y'know, it runs in memory.

Biting the hand that feeds IT © 1998–2021