from the postscript-always-a-nice-touch dept.
ekr writes "The OpenSSL remote buffer overflows discovered at the end of July got
a lot of press here on /. But how many people actually fixed their
machines? I decided to study this question, and the results are kind of
depressing. Two weeks after the release of the bug, over two thirds of
the servers I sampled were still vulnerable. Even two weeks after
Slapper worm was announced, a third of the total servers
were vulnerable. The paper can be found here in
"Card readers? We don't need no stinking card readers."
-- Peter da Silva (at the National Academy of Sciencies, 1965, in a
particularly vivid fantasy)