
steve2470

(37,468 posts)
Wed Sep 20, 2017, 07:32 AM Sep 2017

Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too

http://www.theregister.co.uk/2017/09/20/equifax_vulnerability_could_be_widespread/

Thousands of companies may be susceptible to the same type of hack that recently struck Equifax.

The Equifax breach was the result of a vulnerable Apache Struts component. Software automation vendor Sonatype warns that 3,054 organisations downloaded the same Struts2 component exploited in the Equifax hack in the last 12 months. The affected version of Struts2 was publicly disclosed as vulnerable (CVE-2017-5638) on March 10, and was subsequently exploited at Equifax between May and late July, when the attack was finally detected.

Additionally, more than 46,000 organisations downloaded versions of Struts and/or its sub-projects with known vulnerabilities despite perfectly safe versions being available. Altogether, upwards of 50,000 organisations might be vulnerable to attack.

Why are developers still using vulnerable software packages when newer versions are available?
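One defender-side check that follows from the article's point (an added example, not code from the article or from anyone in this thread): scan a Maven pom.xml for org.apache.struts dependencies and flag versions inside the CVE-2017-5638 affected ranges. The version ranges come from the upstream Apache Struts advisory (S2-045), not from this page, and the sample pom.xml is constructed.

```python
import re
import xml.etree.ElementTree as ET
# CVE-2017-5638 affected ranges per the upstream Apache Struts advisory (S2-045),
# not this thread: 2.3.5-2.3.31 and 2.5-2.5.10; fixed in 2.3.32 and 2.5.10.1.
AFFECTED_RANGES = [((2, 3, 5), (2, 3, 31)), ((2, 5, 0), (2, 5, 10))]
POM_NS = "{http://maven.apache.org/POM/4.0.0}"

def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); pads to 3 parts, drops suffixes like -SNAPSHOT."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)

def is_affected(version):
    """True if the version falls inside a listed range. Tuple comparison makes
    (2, 5, 10, 1) > (2, 5, 10), so the fixed 2.5.10.1 is correctly excluded."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

def struts_findings(pom_xml):
    """(artifactId, resolved version, affected) for each org.apache.struts dependency."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.replace(POM_NS, ""): (p.text or "").strip()
             for p in root.findall(f"{POM_NS}properties/*")}
    findings = []
    for dep in root.iter(f"{POM_NS}dependency"):
        if dep.findtext(f"{POM_NS}groupId", "") != "org.apache.struts":
            continue
        artifact = dep.findtext(f"{POM_NS}artifactId", "")
        version = dep.findtext(f"{POM_NS}version", "").strip()
        ref = re.fullmatch(r"\$\{([^}]+)\}", version)  # ${struts.version} -> property
        if ref:
            version = props.get(ref.group(1), version)
        findings.append((artifact, version, is_affected(version)))
    return findings
# Constructed sample pom.xml: vulnerable core pinned via a property, patched plugin.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><struts.version>2.5.10</struts.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.struts</groupId><artifactId>struts2-core</artifactId>
      <version>${struts.version}</version></dependency>
    <dependency><groupId>org.apache.struts</groupId>
      <artifactId>struts2-convention-plugin</artifactId><version>2.3.32</version></dependency>
  </dependencies></project>"""
```

Calling struts_findings(SAMPLE_POM) flags struts2-core 2.5.10 and clears the 2.3.32 plugin. A pom scan only sees direct declarations; a vulnerable struts2-core pulled in transitively needs the resolved tree (for example `mvn dependency:tree`) or an SBOM check.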

eppur_se_muova

(37,352 posts)
1. Uh, because money ?
Wed Sep 20, 2017, 11:05 AM
Sep 2017

Penny wise & pound foolish gets you to the next quarterly report OK -- until it doesn't.

 

Egnever

(21,506 posts)
2. Stability mostly
Wed Sep 20, 2017, 07:03 PM
Sep 2017

Patches can bring unwanted behavior. Admittedly, not taking this one will end up quite costly, but typically it is stability they are aiming for, and again, patches can cause unintended consequences.
