Re: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums

[Valdis.Kletnieks () vt edu]

On Wed, 22 Dec 2004 22:51:40 MST, "Mattias R. Lindgren" said:

> There is a workaround posted http://forums.ir0x0rz.com/viewtopic.php?t=34
>
> I'm hoping this will be enough to protect phpBB installs.

As I understand it, the phpBB *fix* is a whole whopping one-liner,
or you can upgrade to a fixed release of phpBB (2.0.11)

http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-11/1204.html

That was a *MONTH* ago. And now that *finally* a worm shows up, people are
running around trying to "protect" stuff they should have *fixed* already??

Quite frankly, if the people you're trying to protect can't find the time
in *a month* to deploy a one-line fix, quite obviously *they* don't care about
their stuff.  Why are you doing things to enable them to *keep* not caring?

But then, I've never been able to watch news stories about "800 pound person
needs 4 people to help them up taking them to the hospital".  If you're 800
pounds and bedridden, who's bringing you the food?

Do your users a favor - don't keep feeding them when they're 800 pounds already.

Oh yeah - and everybody out there, have a happy <appropriate winter solstice
holiday>... :)

Attachment: _bin
Description: