(ot) Fed Reserve Hack

2013-02-07 Thread Che Vilnonis
With all of the talk of CF & security I thought I'd pass this along. According to Chris Wysopal of VeraCode, the site was running ColdFusion. https://www.veracode.com/blog/2013/02/stolen-data-headers-from-the-federal-reserve-hack/ http://www.huffingtonpost.com/2013/02/05/federal-reserve-securit

Re: (ot) Fed Reserve Hack

2013-02-07 Thread Russ Michaels
Some more great publicity for Adobe/CF On Thu, Feb 7, 2013 at 6:24 PM, Che Vilnonis wrote: > > With all of the talk of CF & security I thought I'd pass this along. > According to Chris Wysopal of VeraCode, the site was running ColdFusion. > > > https://www.veracode.com/blog/2013/02/stolen-data

Re: (ot) Fed Reserve Hack

2013-02-07 Thread Wil Genovese
This goes to show the poor quality of coders in the Government more than weaknesses in ColdFusion. Same for SysAdmins that fail to follow the lock down procedures. Any web application can be poorly written and any server can be poorly administered. Wil Genovese Sr. Web Application Developer/

Re: (ot) Fed Reserve Hack

2013-02-07 Thread Russ Michaels
Govt generally don't have their own coders, they outsource everything to agencies, who then outsource to contractors, and nothing is checked by anyone in between. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine

Re: (ot) Fed Reserve Hack

2013-02-07 Thread Wil Genovese
I don't know about the pay level at the Federal level. I saw a posting for ColdFusion jobs with the State of MN (where I live) a couple years back and it was so far underpaid that I cannot imagine even a fresh newbie wanting to work at that scale. MN does hire its own coders so that's why I thou

Re: (ot) Fed Reserve Hack

2013-02-07 Thread Marty Franklin
Wow, that's a really scary thought! On 2/7/2013 1:00 PM, Russ Michaels wrote: > Govt generally don't have their own coders, they outsource everything to > agencies, who then outsource to contractors, and nothing is checked by > anyone in between. > > Regards > Russ Michaels > www.michaels.me.uk

Re: (ot) Fed Reserve Hack

2013-02-07 Thread Matthew Williams
Most of the Fed I've worked with, the coders are pretty exclusively contractors on the CF side. From talk of those that have been here a fairly long time, this started when the vast majority of the Fed were turned private way back in the day in order to "save money". But, like many ideas in t

Re: (ot) Fed Reserve Hack

2013-02-07 Thread Russ Michaels
And people wonder why hackers keep getting in and stealing data lol. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Feb 7, 2013 8:13 PM, "Matthew Williams" wrote: > > Most of the Fed I've worked with, the

Re: (ot) Fed Reserve Hack

2013-02-07 Thread Andrew Scott
I think it is sometimes unfair to blame ColdFusion 100% of the time, some of these administrators may have other technologies that are installed and never patched, which can expose ColdFusion and other languages running on the server. But if it was ColdFusion that was hacked or an exploit in Cold

Re: (ot) Fed Reserve Hack

2013-02-07 Thread Russ Michaels
I think that is what was being implied anyway in previous replies, that it isn't just cf that is to blame. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Feb 7, 2013 10:31 PM, "Andrew Scott" wrote: > > I t

Re: (ot) Fed Reserve Hack

2013-02-07 Thread Maureen
The Fed does use contractors but the background check is extensive, and the access to the banking systems is very closely guarded. They do have some ColdFusion sites, mostly forward facing and not connected to secure areas of the bank. This hack looks like it hit an email alert system for disas

Re: (ot) Fed Reserve Hack

2013-02-08 Thread Cameron Childress
On Thu, Feb 7, 2013 at 9:02 PM, Maureen wrote: > The Fed does use contractors but the background check is extensive, and > the access to the banking systems is very closely guarded. Many of the ColdFusion developers at the Fed are full time. Of those who I know personally, they are definitely

Re: (ot) Fed Reserve Hack

2013-02-08 Thread Dan Crouch
Having worked for the Federal Reserve as a full time CF developer and also currently working as a federal software developer (not using CF), I just wanted to clarify something. The Federal Reserve is not a federal agency, with the exception being the Federal Reserve Board of Governors. All of t