Security Incidents mailing list archives
Re: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums
From: Valdis.Kletnieks () vt edu
Date: Sat, 25 Dec 2004 02:11:39 -0500
On Wed, 22 Dec 2004 22:51:40 MST, "Mattias R. Lindgren" said:
There is a workaround posted http://forums.ir0x0rz.com/viewtopic.php?t=34 I'm hoping this will be enough to protect phpBB installs.
As I understand it, the phpBB *fix* is a whole whopping one-liner, or you can upgrade to a fixed release of phpBB (2.0.11) http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-11/1204.html That was a *MONTH* ago. And now that *finally* a worm shows up, people are running around trying to "protect" stuff they should have *fixed* already?? Quite frankly, if the people you're trying to protect can't find the time in *a month* to deploy a one-line fix, quite obviously *they* don't care about their stuff. Why are you doing things to enable them to *keep* not caring? But then, I've never been able to watch news stories about "800 pound person needs 4 people to help them up taking them to the hospital". If you're 800 pounds and bedridden, who's bringing you the food? Do your users a favor - don't keep feeding them when they're 800 pounds already. Oh yeah - and everybody out there, have a happy <appropriate winter solstice holiday>... :)
Attachment:
_bin
Description:
Current thread:
- Re: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums Valdis . Kletnieks (Dec 28)