from the postscript-always-a-nice-touch dept.
ekr writes "The OpenSSL remote buffer overflows discovered at the end of July got
a lot of press here on /. But how many people actually fixed their
machines? I decided to study this question, and the results are kind of
depressing. Two weeks after the release of the bug, over two thirds of
the servers I sampled were still vulnerable. Even two weeks after
Slapper worm was announced, a third of the total servers
were vulnerable. The paper can be found here in
"I have more information in one place than anybody in the world."
-- Jerry Pournelle, an absurd notion, apparently about the BIX BBS