"Any application on any device from any location"
A critical vulnerability found in Citrix Application Delivery Controller and Citrix Gateway (formerly known as Netscaler ADC and Netscaler Gateway) means businesses with apps published using these technologies may be exposing their internal network to unauthorised access. Citrix (NetScaler) ADC is a load balancer and …
@"To be fair, that applies to all software. Patch and move on people :)"
"Ah, the house burnt down, meh it's all in a days work" this level of complacency is unbecoming in someone supposedly taking security seriously.
Perhaps making certain that code is free of vulnerablities before releasing would be better than having to rebuild the house each time, certainly if you are having to pay the costs.
...who knows a zero day exploit.
To be fair, that applies to all software. Patch and move on people :) ..... Anonymous Coward
Of course, some vulnerabilities are abiding exploits which will never have patches available.
That puts real smart zero days in effective leading command and control ....... which you may note is not a question to suggest the possibility or existence of doubt.
And such is the exciting nature of future shenanigans. I Kid U Not.
And a quite surreal and most efficient stealth is provided by the presence of an insistent persistent disbelief.
Oh, and Merry Xmas, El Regers. ...... Ever onwards and upwards. :-)
Regarding .. Is the sky falling or is it just me? ..... in the quantum environment are both an experience one can imagine and realise for the birthing and/or berthing of other virtual realities one can driver oneself in the company of others similarly gifted .... or cursed as the case may be in those less than well enough enabled to cope and deal with all manner of such matters.
Crikey, Jumping Jehoshophat Batman, .... a brace of cohesive posts in as many days. That's definitely progress in deed, indeed.
Most of the Citrix setups aren't setup properly. So from a dialogue box, such as a save box, you can browse the local server, run cmd, then run IE or whatever other browser is installed. Then use their server to browse the Internet bypassing any local filtering. Also download all your exploits to that server from itself.
No one would leave a server so open I hear you say. Yes they would. A finance department were using a very small company to supply them with their finance app. With the main company we were at forcing a move to "cloud" for every department this small company didn't want to loose business so said they now had a "cloud" version of their app. They didn't really. It was just stuck on a server in one data centre. I said I wanted to test it before fully going live. They hadn't implemented 2fa, which they put on after my suggestion. Then once on the server it was easy to break out of the app, browse the server, run whatever you wanted and surf the net to your hearts content. They originally were gonna make it live in that state!
I'm guessing someone is equating an unauthenticated remote code execution flaw with a poorly setup Citrix environment to suggest all Citrix environments are insecure.
Next they will be using the same post to show how they brilliantly saved the world while still missing the original point...
Erm... Windows has functionality to authenticate who is logging in. Then they are logged in - in a similar way to if they log in to a desktop or laptop.
Being able to run look at files you have permissions to look at, and run web browsers on a computer that you have logged into is not really a security issue. If it is you are doing it wrong.
"Why do people insist on calling something by a defunct technology acronym that (almost certainly) isn't even in use in that product?"
It gets worse, I was in a pub watching something called "football" and they used both their feet and their heads. Ridiculous isn't it?
And when are they going to release HTTPT?
Based on Heinz failed attempt to rebrand Salad Cream to sandwich cream, I'm not sure there's any hope that TLS will replace SSL, for vpn's or secure web access in the public's eyes, in the next decade or two ha ha.
Plus ignoring the technical geekery, there is something comforting about SSL the public will always love...however mis-guided.
Ever since xendesktop 7 was released, the product has been utter tosh. Released too early with a sub standard featureset full of bugs and now security flaws. The product of cheap and agile software development. It's ok it will be a good.product 8 years after initial release
Biting the hand that feeds IT © 1998–2021