Does not really sound all that interesting. Maybe once it is released it will do something that we haven't foreseen.

@MattKing said:

@ajstringham I'll see myself out.

😛

Wait until you do scripting from a jump box. So slick.

for i in $(cat serverlist); do ssh -qt $i uptime; done

Certainly not.

@thecreativeone91 said:

Untangle is a major resource hog from what I remember.

It is. It isn't routing or switching software, it's just Linux as a full OS with tons of apps running on it. So unlike, say, Vyatta which powers the Ubiquiti which is based on Linux but is extremely light and fast because it is a custom kernel with a custom network stack just for routing, Untangle is the full blow OS with nothing special. So you need tons of horsepower to handle normal routing tasks effectively.

There is a big difference between exporting cryptography and exporting something encrypted, though.

@alexntg said:

@Dashrender said:

I know it's still useful for Linux, but really - is that enough reason to go forward with this audit?

Perhaps? Perhaps not? If someone's still paying the auditor, I'm sure they'll keep on auditing.

The audit is very important. TC remains a very viable product. Moreso than ever having weathered this storm.

Oh handy, thanks.

@Bill-Kindle said:

very interesting. My only concern is with continuous development, will they keep the product / service updated if it goes live?

It's google. So not likely.

That website is
(••)
( ••)>⌐■-■
(⌐■_■)
a ghost of it's former self

YEEEEAAAAAAAAAAAAAAHHHHHHHHHHHHHH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

As an update, CERT even put out an advisory to have folks not expose their management interface: http://www.us-cert.gov/ncas/alerts/TA13-207A. I'd like to suggest taking it a step further. Other management interfaces, such as hypervisors, web control panels, SSH logins, etc. should not be exposed to the Internet.

@Bill-Kindle said:

@scottalanmiller said:

@alexntg no kidding. No backups? That's crazy.

But Cloud........

Not having backups leaves them liable for some massive lawsuits. I'd be really surprised if they ever come back. Titsup was a good word for what happened to them.

They did have backups. They were also in AWS and geographically redundant. The attacker deleted the backups as well. The issue is that a proper DR plan would have addressed the issue of what would happen if AWS failed.

@scottalanmiller said:

No telling how often that this is attempted against high profile closed-source products and even less information on how often it is successful.

Software companies don't want us to think about that.

What are the chances that they will follow through though?

In Europe, American pizza means French fries on it.

@Dominica exactly. And you would be struggling to even do that. If locked down the extension would be locked by IP range and the phone would hopefully be blocked from making its own external VPN connections. So it really would only be a gateway to other security flaws. On its own it should do very little.

I just followed this:
http://community.spiceworks.com/how_to/show/907-gpo-to-push-out-local-administrators-across-a-domain

Two minute job and I'm all sorted.