Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re: Perl Exposure to Zlib Vulnerability, Mitigation Strategy?

by webadept (Pilgrim)
on Mar 16, 2002 at 10:08 UTC ( #152177=note: print w/replies, xml ) Need Help??


in reply to Perl Exposure to Zlib Vulnerability, Mitigation Strategy?

I just went through this with that PHP bug a while back, and now need to get with various ISP's to get them to upgrade. .. again... I'm wondering what is the consensis of those who deal with ISP's on a regular basis .. what is your expected hassle factor to get a security flaw like this fixed, and when is an ISP easier to leave than to deal with?

Glenn H.
  • Comment on Re: Perl Exposure to Zlib Vulnerability, Mitigation Strategy?

Replies are listed 'Best First'.
Re: Re: Perl Exposure to Zlib Vulnerability, Mitigation Strategy?
by gellyfish (Monsignor) on Mar 16, 2002 at 16:04 UTC

    I work for an ISP and, believe me, we would rather fix this stuff before customers start ringing up than ignore it - the PHP thing for instance was fixed before anyone noticed. I think you will find that this is the case with most ISPs, after all it is machines on their network that are going to get r00ted, but of course with the larger players there may be some delay if they have thousands of machines to update ...

    /J\

Re: Re: Perl Exposure to Zlib Vulnerability, Mitigation Strategy?
by cjf (Parson) on Mar 17, 2002 at 20:45 UTC
    what is your expected hassle factor to get a security flaw like this fixed, and when is an ISP easier to leave than to deal with?

    At very most, an email or a phone call. If you alert them to the vulnerability and they don't fix it within a reasonable amount of time (3 days after notice is plenty), then I'd change immediately. I'd also be concerned if they weren't already on it by the time I contacted them.

    Staying with a provider who doesn't pay attention to security is a very bad idea. It's often a lot of hassle to change hosts, but the tradeoff for better security and service is almost always worth it.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://152177]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (3)
As of 2022-10-01 07:35 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I prefer my indexes to start at:




    Results (126 votes). Check out past polls.

    Notices?