Barracuda tells its ESG owners to 'immediately' junk buggy kit

Barracuda has now told customers to "immediately" replace infected Email Security Gateway (ESG) appliances — even if they have received a patch to fix a critical bug under exploit. The vendor disclosed the remote command injection bug, tracked as CVE-2023-2868, last week; it affects versions 5.1.3.001 to 9.2.0.006 of …

  1. Anonymous Coward

    So, they F** it up, are they going to replace it at no cost, or is this just the latest ploy of corporations finding new markets to exploit?

    Hey, we could work with virus writers and get our latest range promoted...

    1. JessicaRabbit

      Quite so and not to mention up to 11,000 devices now headed to landfill.

      1. Anonymous Coward

        Many will end up with recyclers, and thus on eBay.

        Given they're usually just x86 boxes in a fancy chassis I can see lots of these being snapped up by the homelab crowd and repurposed.

        Still a shitty way of doing things though!

  2. Henry Wertz 1 Gold badge

    Yes please

    Yes please, buy more kit from us!!!

    Umm, yeah.

  3. Anonymous Coward

    I don't have their kit, but if I did, I would replace it - with a competitor's!

  4. Giles C Silver badge

    Full replacement

    Full replacement, I would have thought all the system files would be held on an SSD or similar.

    Therefore if the device is compromised then all that should need to happen is to replace the drive with a new image, unless somehow the vulnerability is in the hardware…

    1. DuncanLarge

      Re: Full replacement

      Perhaps the UEFI has been compromised. If so any new SSD can be re-infected.

    2. I Am Spartacus

      Re: Full replacement

      The suggestion on another thread is that the firmware has been corrupted in a way that prevents it from being replaced. I imagine that this means the firmware has been corrupted to (a) always allow new code to be installed silently, thus continuing the intrusion, and (b) silently prevent any further update/downgrade/replacement of the firmware.

      It has to be something pretty low level to force a full blown replacement of hardware units.

      Instead of Halt and catch fire, this is more halt and be incinerated

    3. Anonymous Coward

      Re: Full replacement

      There are many controllers that could be infected; if it was only a drive, it would be an easy fix. "Every chip that has writeable memory" is a potential harbor for malware. It's likely they know what part(s) is infected and it's more work (labor time) to access and pull the components than the cost of replacing the unit.

  5. StrangerHereMyself Silver badge

    Ironic

    A security appliance designed to secure networks becomes a security hazard itself. Who would've thought...

    Tear out Barracuda's stuff and junk them. Replace them with someone's that knows how to make a secure appliance.

    I'll bet Barracuda's management will put the company up for sale to a competitor, cashing in a nice bonus to boot.

    1. Mike 137 Silver badge

      Re: Ironic

      "Tear out Barracuda's stuff and junk them. Replace them with someone's that knows how to make a secure appliance"

      Whose, for example? There seems not to be a single vendor that can be relied on to deliver vulnerability-free code. Huawei has taken the public hammering for lousy code, but I bet they're no worse than any other vendor.

      The only potential solution at present is defence in depth using kit from multiple vendors, although that's also suspect as they may well use the same buggy O/S libraries. Until the quality of software development reaches adequate standards, no real defence is possible.

      1. Anonymous Coward

        Re: Ironic

        Contract the malware writers to write 'better' code as they seem to understand the hardware quite well!!!

        :)
