[2804] in WWW Security List Archive
Re: Citrix acknowledges software security flaw
daemon@ATHENA.MIT.EDU (Ray Kaplan)
Mon Aug 26 16:29:17 1996
In-Reply-To:
<Pine.SUN.3.93.960825232202.25394D-100000@jobe.shell.portal.com>
Date: Mon, 26 Aug 1996 11:38:45 -0500
To: "David W. Morris" <dwm@shell.portal.com>
From: Ray Kaplan <ray@rayk.com>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>On Sun, 25 Aug 1996, Leslie Sweeney wrote:
>
>> The headline "Citrix acknowledges software security flaw" was reported
>> by Reuters news service. The complete article can be found at:
>> http://www.yahoo.com/headlines/960823/tech/stories/citrix_1.html
>>
>> The article reports that the availability of ActiveX has been temporarily
>> suspended at certain web sites pending investigation.
>
>Actually it is worth reading the article. The headline was a bit
>of a misrepresentation ... Citrix actually only acknowledged that some
>of the installations of their software had not properly activated
>security features.
>
>Dave Morris
Indeed. If I had a nickel for every security problem that turned out to be
a lack of "proper" configuration - I'd be, well, a lot richer ;) Which
leads me to:
Anyone have any statistics on how many so-called security problems are
actually mis (or mal) configurations?
RayK
