Posts

Showing posts from September, 2017

SQL Server 2017 on Linux (mostly)...

Nice piece of work. Begs the question of when we'll see Windows for Linux though ;)

Equifarce!

I was/am interested in the whole Equifax hack and how this happened. To this end I posted a brief link yesterday to the Struts team's response. A simple case of failing to patch! Case closed... But then I've been thinking that's not really very fair. This was (apparently) caused by a defect that's been around for a long time. The developers had reacted very quickly when the problem was identified (within 24 hrs) but Equifax - by all accounts - had failed to patch for a further 6 months. What did we expect? That they'd patch it the next day? No chance. Within a month? Maybe. But if the issue is embedded in some third-party product then they're dependent upon a fix being provided, and if it's in some in-house developed tool then they need to be able to rebuild the app and test it before they can deploy. Struts was/is extremely popular. It was the Spring of its day and is still deeply embedded in all sorts of corporate applications and off-the-shelf products. Fixin

Equifax Data Breach Due to Failure to Install Patches

"the Equifax data compromise was due to their failure to install the security updates provided in a timely manner." Source: MEDIA ALERT: The Apache Software Foundation Confirms Equifax Data Breach Due to Failure to Install Patches Provided for Apache® Struts™ Exploit : The Apache Software Foundation Blog As simple as that apparently. Keep up to date with patching.

DIY

I should probably have learnt this some time ago... Quite often we find no-one is willing to do the {insert-task-here}. I don't know why. Fear of getting it wrong. Fear of ridicule. Fear of crayons. Whatever. Here's a tip on how to get things moving when no-one seems willing... DO IT YOURSELF! It doesn't even matter if you do it badly. In fact it's often better to do it badly on purpose! You'll be amazed (or maybe not) at the number of people that come out of the woodwork to provide their own "advice". All of a sudden you'll have no end of input. Just be prepared to bite your tongue and take solace in the knowledge that you took one for the greater good. Someone's got to get the ball rolling...