SoylentNews is people

posted by martyb on Friday January 12, @02:44AM
from the update-early-and-often dept.

While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell's EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools—EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection—could allow an attacker to gain root access to the systems or to specific files, or inject malicious files into the server's file system. These problems can only be fixed with upgrades. While the EMC vulnerabilities were announced late last year, VMware only became aware of its vulnerability last week.

[...] For those familiar with the architecture of these products, the vulnerabilities may not be a surprise—EMC Avamar and the other applications use Apache Tomcat, which was patched multiple times last year to address critical security vulnerabilities. However, it's not clear whether these patches were incorporated into earlier updates of the EMC and VMware products or if any of the bugs just fixed in updates of the EMC/VMware products were Tomcat related.




Reply to: hard-nosed engineering

    (Score: 4, Insightful) by Runaway1956 (2926) on Friday January 12, @03:46AM (#621247)

    Hard-nosed engineering, the AC says. I could go for that. We have a myriad of people who work on computers, who make claims to being "engineers". And, so many of them are mere amateurs, dabbling around the edges of mathematics. Engineering? A real engineer designs something, then asks himself, "What could go wrong?" A real engineer is one of his own harshest critics.

    In this day and age of "good enough", at least half of our so-called engineers are unworthy of the name. Yeah, I know, the real engineers don't run things. They are under pressure from higher-ups to produce something that will keep the revenue turning. Still - good enough is good enough? Come on people - to call yourself an engineer, you've got to be examining and re-examining your work, at all times, trying to find the flaws in your own work.

    Hard-nosed engineering is what the AC said. Hey, that would really be nice!! The common disclaimer that accompanies software says "We hope you'll like our work, but we make no guarantees of any kind, enjoy!" often accompanied by "Now pay us!". I'd rather see some kind of disclaimer that says, "We've tested this software according to (list of standards), and our work seems to have passed all of these tests for (speed, accuracy, VULNERABILITIES, compatibility and/or other applicable standards). We hope that our work meets your standards. If you encounter any problems, please contact us so that we might improve our software!"

    And, of course, all of that applies mostly to commercial work. Profit is always the driving force. Gotta get something out the door that will sell, damn the consequences. Yeah, open source has had its problems as well, but those problems usually result from honest mistakes. In the case of closed source, none of us can tell which were mistakes, and which were stupid compromises, or which were decisions driven by profit/greed.
