Reply to post: It's easy to point and laugh

vBulletin zero-day KOs Comodo user forums – that's 245,000 accounts at risk of compromise

Alister

It's easy to point and laugh

However here's a couple of thoughts:

The reality is for any large organisation, that there will be a change management process which has to be followed, and that process can take some time.

There must be a risk management process, and setting up an agreed maintenance window, and notifying users that the forum will be offline.

It's not just a single bloke in his mum's basement, who can decide to do the upgrade when he wants.

Secondly, VBulletin is notoriously fickle, and if you have any customisations or add-ons then upgrading to the latest version can really screw things up. To do that without any testing would be fatal, and obviously testing takes time.

Given they had five days notice, I'm not surprised they hadn't yet patched it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon