Quick: Manually patch this Zimbra bug that's under attack A vulnerability in Zimbra's software is being exploited right now by miscreants to compromise systems and attack selected government organizations, experts reckon. An update to squash the security bug won't be pushed out until later this month, according to the developer, which for now has "kindly" asked customers to manually …
‘The flaw .. “could potentially impact the confidentiality and integrity of your data” .. In other words, the bug can be exploited to steal or alter information among other things.’
I think we got it the first time :)
- quote -
Before the update, the line appeared as below
<input name="st" type="hidden" value="${param.st}"/>
After the update, the line should appear as below
<input name="st" type="hidden" value="${fn:escapeXml(param.st)}"/>
- unquote -
Seems perfectly clear to me /s
Why does this article not EMPHASISE that there are many ordinary -- non-technical -- people out there who have no idea about the compromise of their personal information.
I'm reminded about the deafening silence about the Royal Free Trust and Google/Deepmind:
- Link: https://www.theguardian.com/technology/2017/jul/03/google-deepmind-16m-patient-royal-free-deal-data-protection-act
And then there's the repeated claim about the protection offered by "anonymised" data, except for this:
- Link: https://www.theguardian.com/technology/2019/jul/23/anonymised-data-never-be-anonymous-enough-study-finds
So....the technically educated might get to know -- and do something about it ..........but millions of the rest of us get exploited in ways we can never know about!
Roll up! Roll up! Get the latest shiny!! .... And get exploited!!!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
