
Stunnel Vulnerability | Remove or Patch Immediately


Stunnel, an application that provides secure ‘tunneling’ for commonly used, insecure protocols (e.g. SMTP, POP3), has issued a security bulletin. There is a known flaw that could be used to inject arbitrary code and ultimately control where the connection goes. Imagine the emails you’re trying to send to consignors and/or customers being intercepted.

That wouldn't be good...

If you think this is being hyper-sensitive, you don’t internets enough.

Any applications installed on your systems must be justified, as per the PCI DSS v2.0:


2.2.2 Enable only necessary and secure services, protocols, daemons, etc., as required for the function of the system.

2.2.2.b Identify any enabled insecure services, daemons, or protocols. Verify they are justified and that security features are documented and implemented.

2.2.3.a Interview system administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components.

2.2.4 Remove all unnecessary functionality, such as scripts, drivers, features, subsystems, file systems, and unnecessary web servers.  Examples of insecure services, protocols, or ports include but are not limited to FTP, Telnet, POP3, IMAP, and SNMP.


If someone is going to install third-party software on your computer, be sure to ask them if they are going to maintain and patch that software on a daily basis. As a business bound by PCI DSS, you must patch applications on at least a monthly basis. For systems storing, processing, or connected to sensitive data, applications should be patched more frequently, i.e. daily.

Without even considering PCI DSS, it’s common sense. An application installed with good intentions can easily backfire on you if not properly maintained.

I've been helping consignment & resale store-owners since 2003. I started The Computer Peeps in February of 2010. After 15 years of working with consignment stores, I understand the unique challenges consignment & resale store-owners face. From electrical issues in old buildings or strip malls, to advocating for them when their consignment software keeps crashing. I now manage over 400 computer systems, servers & websites for store-owners all across North America and I am the developer/programmer of Peeps' Software -- the only software written FOR consignment & resale stores specifically.
