
Large Group of Sys Admins Lag Behind in Patching Server OSes

A few days ago, CNET News.com reported on a study that indicates that a large percentage of system administrators are slow to patch their operating systems, often waiting until they hear about an exploit to which one of their servers is certainly vulnerable.

The article talks about a study performed by Eric Rescorla, who identified 900 Linux servers that had both OpenSSL and Apache running when a major OpenSSL vulnerability was revealed.

According to the article, 40 percent of the systems were patched to close the OpenSSL vulnerability within seven weeks. Another 30 percent were patched about the time that the Slapper exploit was publicized and began spreading around the Internet.

The remaining 30 percent apparently remained unpatched. One of those servers was in the same colocation facility where CTDATA's servers are. On or around November 11, that server was exploited by Slapper. The subsequent network traffic was so great that it temporarily overwhelmed the routers in the facility. The only solution was for the colocation operator to take the server offline.

This article on CNET is a revealing one, and should be read by customers and system administrators alike. It clearly indicates that administrators need to patch more pre-emptively, and that customers must insist that even unexploited vulnerabilities be patched as soon as patches are released.



Copyright © 1995-2010, CTDATA Ventures. All Rights Reserved.