Editer l'article Suivre ce blog Administration + Créer mon blog
15 septembre 2009 2 15 /09 /septembre /2009 23:16
Hey as people say: never say never, or never say "it'll never happen to them".

Nonetheless, even an AV vendor may not apply the basics of web server security: non-disclosure of versions information.

This URL comes from the virus sginatures added and listed in a daily update description. Therefore, anybody could access it, I did not have to try anything of hack in any way the ESET HTTP server.

I told my contacts at ESET about that. 72h later, it was fixed.

Though, I would point out a few details:
- apache 2.2.9 is obsolete (cf. http.apache.org)
- PHP 5.2.6 is also obsolete...

Well, the guys at ESET still some work to get done before they can affirm their server is really secured... 
Partager cet article