Stefano Marinelli /
npub14ca…0nj8
2023-10-24 14:06:42

Me: "Hey guys, there's that old Ubuntu 18.04 which is now insecure, with php 7.2. Can we update?"
Them: "The client did a pentest and didn't find any specific issues."
Me: "I know, these pentests can often be misleading. But the issue still exists. Shall we proceed?"
Them: "The CMS isn't compatible and needs updating. It's a lot of work and the client doesn't have a budget for that."
Me: "Wait, they pay for third-party pentests but won't update the platform?"
Them: "Yes, we need to find a solution to keep running php 7.2."
Me: "I'm not a fan, but we could slap it into a FreeBSD jail - at least there's the protection from the jail and an updated OS behind it, and we can manually compile php 7.2 - setting up a parallel jail with modern tools and ready for the upgrade you'll do. Because you will do it, RIGHT?"
Them: "Nah, there are still Docker images with php 7.2, let's use those."
Me: "Yes, but there's a lot of outdated stuff in there: libraries, dependencies, etc."
Them: "But it's easier and it solves the problem."

And then we wonder why there's so much insecurity online - and a growing tech debt, relentlessly...

#Cybersecurity #TechDebt #UpdateYourSystems #PentestMistakes #ObsoleteTech #docker #FreeBSD #Ubuntu #Linux #Security #CyberSecurityAwareness
Author Public Key
npub14calwd6xg349ahf3nnhhyqem2w2e3gs66p7zctz2sna74u3tsddq7j0nj8