|
|
|
|
|
|
by jestar_jokin
4267 days ago
|
|
|
It's a big deal, especially for small dev shops, as they're less likely to have people available to plug security holes or monitor servers for vulnerabilities/compromises. If you're using shared hosting, probably not an issue. If you're using a VPS, PS, or other service where you are expected to maintain the server, well... For some systems, it's just a matter of logging in to the server and running a single command line, like "sudo yum update bash" (replace "yum" with apt-get, or another package manager). You can leave it, but know that you're leaving your clients vulnerable to things such as: - stolen data
- data loss
- compromised/corrupted/deleted backups of data, code
- site disruption
- botnet participation
- illegal file dump/trading space
- unremovable rootkits Having said that, I believe you should be safe if you don't use CGI to run your apps. The earlier you plug the holes, the better. |
|
|
We don't run cgi scripts, and we seem to be predominantly in the "probably safe" category. That said, this is the reaponse I expected. I've applied some patching on our machines (read: that first one that didnt fix a lot of vulerabilities) and I'm sure the other guys have, too.
It has just been one of those launch months where even pooping feels like burning time and money.
Seems like somebody is going to be changing gears today. Thank you.