Sign in / up

back to article Still losing sleep over that awful Citrix bug? This scanner is here to help... you realize you've already been pwned

Citrix and FireEye have released a new security tool to help admins find out if their servers have been hacked via the high-profile CVE-2019-19781 flaw that was disclosed in December but only patched on Monday. The free application, shared under the Apache 2.0 open-source license, will scan devices for indications of …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    Update time again

    The bug's been fixed, no need to worry - except a "bug fix" leading to a software update is just one bug fixed moved somewhere less harmful for the moment. Code is super buggy these days, virtually every app on my phone updates every week - what does that tell us about the codeine (sic) quality these days?

    I don't lose sleep over bugs like this, there's no point because there will be another bug somewhere else in the morning.

    1 5 Reply
  2. GnuTzu
    Thumb Up

    "Code is super buggy these days..." That point is worthy of comment. Once upon a time, one would have hoped for some logarithmic leveling off of bug growth. But, today's code growth, in fact code library growth, does not appear to be linear. Big-O notation for it is likely a bit messy, either polynomial, exponential, or the product thereof. So, what does that say for bug growth? Anyone got any solid statistics for identifying a trend?

    1 0 Reply

    1. This post has been deleted by its author

  3. Nate Amsden

    this is a good bug

    I often comment about how I am not concerned about many of the bugs especially the Spectre type information leaking types as overblown because I believe in the vast majority of cases they are. This Citrix bug is good though. Too bad Citrix was not able to respond with a full fix quicker, I wonder if this bug is how Citrix themselves got hacked a while back. I have been using Netscalers since about 2011 (before that used F5 mainly), and was quick to get the workaround in and then patch the systems I have when the patch came out (using 11.1 code). That pulse secure bug last year was good too (affected by that as well).

    0 0 Reply
    1. Claptrap314 Silver badge
      Reply Icon

      Re: this is a good bug

      I was in an interview last week for the first time I said, "With your workloads, you should be aware that you don't need to defend against Spectre if all of the code on a box is yours." The response? "Yes, and we don't."

      I do hope they make an offer.

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like