Citrix leaves gaping holes in web sites

US government, military sites vulnerable, bloke reckons

By Egan Orion

Tue Oct 09 2007, 15:31

CITRIX SERVERS running US government and military websites are full of security holes, says a security researcher quoted in a story at Eweek.

Petko Petkov writes that his recent testing of Citrix gateways found "tons" of vulnerable instances, including 10 in US government domains and four in US military domains.

The basic problem, apparently, is that Citrix services that once started out on secure LANs ended up over time using routable protocols on Internet facing servers that weren't properly firewalled.

Anyone with Citrix client software or hacking tools can access formerly secure internal services that are now wide open to the Internet.

More here. µ

The INQUIRER review of the year A look back at the big news stories of 2011 Friday, 23 December 2011, 08:00 AM Read more	Lenovo outs two smartphones for 2012 One Android, one Windows Phone Thursday, 1 December 2011, 17:43 PM Read more
RIM’s BBX phones could be touchscreen only Based on the Playbook tablet Thursday, 10 November 2011, 11:15 AM Read more	Diginotar hacker threatens SSL attacks in US, Europe and Israel Vows to hack into internet service providers Thursday, 8 September 2011, 15:04 PM Read more
Wordpress blogs are at risk Hole found in a popular third-party script Wednesday, 3 August 2011, 15:11 PM Read more	Sun.com and Mysql.com succumb to SQL injection attack Two letter passwords stolen Monday, 28 March 2011, 12:25 PM Read more

< Previous article| Next article >

Comments

Making Available...

Hmmm "Making Available...."

Go get em...

I'm sure you find a song there somewhere.

"Cases such as this remind us strong enforcement is a significant part of the effort to eliminate piracy, and that we have an effective legal system in the U.S. that enables rights holders to protect their intellectual property."

posted by : Pete, 09 October 2007 Complain about this comment

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Junior Website Developer -

Junior Website Developer - ...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Citrix leaves gaping holes in web sites

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review