Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Tuesday, 16 March 2010 10:50

Adobe warns of Flash/Apache security issue, but gives customers little assistance with the fix

By

Adobe has warned its Flash Media Server customers of a security vulnerability in the included version of the Apache HTTP Server, but has done little to help them protect themselves against exploits.


Being a well-regarded open source project, the Apache HTTP Server turns up in a lot of guises. But not all of the 'distributors' promptly pass along security updates to their customers.

Apple comes immediately to mind (Apache is the basis of Mac OS X's Web Sharing feature), as there's often a significant gap between the release of patched versions of Apache and their inclusion in a security update from Apple.

Another example is Adobe's Flash Media Server. Version 3.5.x for Windows includes Apache 2.2.9, which has an 'important' security vulnerability now fixed in version 2.2.15.

In its default configuration, Flash Media Server is not vulnerable to this exploit, but it is possible that installed copies have been reconfigured to use the ISAPI module and thus become vulnerable.

Instead of rolling the new version of Apache into a Flash Media Server update to make life easier for users, Adobe has issued instructions for disabling the ISAPI module.


CONTINUED






Customers who need the module are advised to manually update Apache to version 2.2.15.

Generally speaking, Flash Media Server will be managed by administrators who basically know what they are doing. But as we keep hearing about how overworked sysadmins are, is it that unreasonable to expect major vendors such as Adobe to deliver assistance through automation?


WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.

REGISTER HERE!

LAYER 1 ENCRYPTION A KEY TO CYBER-SECURITY SOLUTION

Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.

DOWNLOAD!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

VENDOR NEWS & WEBINARS

REVIEWS

Recent Comments