http://www.perlmonks.org?node_id=152177


in reply to Perl Exposure to Zlib Vulnerability, Mitigation Strategy?

I just went through this with that PHP bug a while back, and now need to get with various ISPs to get them to upgrade ... again ... I'm wondering what is the consensus of those who deal with ISPs on a regular basis: what is your expected hassle factor to get a security flaw like this fixed, and when is an ISP easier to leave than to deal with?

Glenn H.

Re: Re: Perl Exposure to Zlib Vulnerability, Mitigation Strategy?
by gellyfish (Monsignor) on Mar 16, 2002 at 16:04 UTC

    I work for an ISP and, believe me, we would rather fix this stuff before customers start ringing up than ignore it - the PHP thing, for instance, was fixed before anyone noticed. I think you will find that this is the case with most ISPs; after all, it is machines on their network that are going to get r00ted, but of course with the larger players there may be some delay if they have thousands of machines to update ...

    /J\

Re: Re: Perl Exposure to Zlib Vulnerability, Mitigation Strategy?
by cjf (Parson) on Mar 17, 2002 at 20:45 UTC
    what is your expected hassle factor to get a security flaw like this fixed, and when is an ISP easier to leave than to deal with?

    At the very most, an email or a phone call. If you alert them to the vulnerability and they don't fix it within a reasonable amount of time (3 days after notice is plenty), then I'd change immediately. I'd also be concerned if they weren't already on it by the time I contacted them.

    Staying with a provider who doesn't pay attention to security is a very bad idea. It's often a lot of hassle to change hosts, but the tradeoff for better security and service is almost always worth it.