This is what I posted to the Drupal4Lib list:
By now, you should have seen https://www.drupal.org/PSA-2014-003 and heard
about the Drupageddon exploits. and you may be wondering if you were
vulnerable or iff you were hit by this, how you can tell and what you
should do.
If you are using drupal as main website, consider using Cloudflare Pro. It's
just $20 a month and worth it. They'll help block most attacks. And they
usually receive vulnerability report ahead of general public.
Kun
-Original Message-
From: Code for Libraries
How do they receive vulnerability report ahead of general public? From whom?
Cary
On Friday, October 31, 2014, Lin, Kun l...@cua.edu wrote:
If you are using drupal as main website, consider using Cloudflare Pro.
It's just $20 a month and worth it. They'll help block most attacks. And
they
Hi Cary,
I don't know from whom. But for the heartbeat vulnerability earlier this year,
they as well as some other big providers like Google and Amazon were notified
and patched before it was announced.
Kun
-Original Message-
From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU]
The OCLC Developer Network is offering two free, 1-hour webinars based on our
recent popular blog series covering some of our favorite software development
practices:
Finding a Common Language: Putting Software Development Practices to Use -
November 11, 11:00am ET
This webinar is designed for
On Oct 31, 2014, at 11:46 AM, Lin, Kun wrote:
Hi Cary,
I don't know from whom. But for the heartbeat vulnerability earlier this
year, they as well as some other big providers like Google and Amazon were
notified and patched before it was announced.
If they have an employee who
http://blog.ircmaxell.com/2014/10/a-lesson-in-security.html is an
interesting and thoughtful write-up on the technical details of this
vulnerability.
On Fri, Oct 31, 2014 at 12:38 PM, Joe Hourcle onei...@grace.nascom.nasa.gov
wrote:
On Oct 31, 2014, at 11:46 AM, Lin, Kun wrote:
Hi Cary,
The vulnerability was discovered in the course of an audit by SektionEins, a
German security firm, and immediately reported to the Drupal Security Team.
Because this was a pretty obscure vulnerability with no reported exploits, the
team decided to wait until the first scheduled release date
I think so. However, Cloudflare in their blog post claim they have develop a
way to block the attack immediately when the vulnerability was announced.
Whether or not they know the exploit ahead of time or not, it would be good to
know someone is watching out for you for $20 a month. And you
Web Application Developer at Towson University Libraries
Towson University
Baltimore-Towson, MD Metropolitan Statistical Area
Join our team at Towson! The Albert S. Cook Library seeks a
highly skilled and innovative Web Application Developer to participate in all
stages of the application
10 matches
Mail list logo