Dump Hijacked ISPs That Don't Patch
Here are more details on the drive-by malware problem taken up in a post last week. The Washington Post's Security Fix blog used some data from StopBadWare.org and did some detailed analysis of IPOWER, a large hosting company found to have a number of compromised sites. See "Cyber Crooks Hijack Activities of Large Web-Hosting Firm" for details, but here is the punch line:
But a review of Gravina and McGovern's [IPOWER customers] sites indicate that both virtual servers are running outdated, insecure versions of the Apache Web server software and PHP, a popular Web scripting language that many hosting companies provide for their customers. The most recent version of PHP is 4.4.7, has fixed more than five-dozen security holes since the version currently in use by IPOWER, PHP 4.4.2, which was first released nearly 16 months ago.
Cutthroat pricing on Web hosting doesn't leave much marginal revenue, but that is no excuse for running software over a year out of date. Here is an opportunity for the market to send a signal that behavior like this can't be tolerated. If you're hosting on one of these sites identified as problematic, switch now.
TJX execs are watching their profitability drop because of their data breach fiasco. Let ISPs that fail to patch adequately be the next poster child for taking basic security measures seriously.



