
Magento vulnerability analysis - EdwardDiego
http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
======
callesgg
Would be nice if the people at checkpoint prioritized fixing their broken
software instead of putting money on writing (PR) blog posts.

We use their firewalls and vpn stuff. We literally have to reinstall their vpn
software each time we want to connect as it breaks itself after each reboot.

~~~
UserRights
These kinds of problems have been solved for a long time: use open source software
and then you can patch problems yourself if upstream is dead. Any responsible
admin will not tolerate closed source black boxes dominating important pieces
of infrastructure.

~~~
jacquesm
Sometimes you arrive after those black boxes have been bought and paid for.

~~~
xorcist
All the more reason to migrate to a supported solution, if they're already
paid for.

(OpenVPN is unbeatable in simplicity and price. I've migrated several pre-
AnyConnect Cisco VPN users to it, which was finally EOL'd 2014 after several
years neglect.)

~~~
jacquesm
I've tried to get OpenVPN to work with a Palo Alto firewall and to date have
not been able to, Palo Alto support is - to put it mildly - non-functional.

Would not recommend Palo Alto.

------
fabrigm
[http://magentary.com/kb/apply-supee-5344-and-supee-1533-with...](http://magentary.com/kb/apply-supee-5344-and-supee-1533-without-ssh/)

------
Theodores
I think that it is quite surprising how secure Magento has been in the wild,
there was a version of community released with a vulnerability that had to be
fixed the next day, otherwise all good so far.

------
SeanLuke
I seriously came here thinking this was going to be about the X-men.

~~~
JoachimS
My thought too! An analysis based on material science, the prevalence of
non-magnetic materials, his ability to fly etc. Alas, not today.

