
I am glad that we have chosen Sophos

Dear Ravi and Kandarp @ Team Sophos

First of all, thank you very much for getting our system hotfixed in record time in this difficult time of the COVID-19 outbreak crisis. As per our communication yesterday, we have changed the passwords of all users as well as admin and VPN users. I have gone through various community discussions and really appreciate that the Sophos team accepted the breach and published the root cause of the same and the fix in this difficult time of the COVID-19 outbreak crisis. This requires a lot of courage and transparency. I am glad that we have chosen Sophos. I will be happy if you can share with me the analysis of our firewall by the team. I would also like to get rid of the alert as per the attachment. I feel that this should get cleared after we have followed the steps.

 

With Warm and Best Regards

Vishvas Chitale



  • I don't know if it's a good time to be happy. The device that was supposed to protect us against malware has succumbed to it. This should not be the case with this type of device. Someone who did this knew the structure of SFOS perfectly. What is the guarantee that it will not happen again in a while?

    Regards
    Jan

  • Hello Jan,

    I agree, I also don't think we should be subject to false optimism about how perfectly Sophos managed to analyze a SUCCESSFUL attack on its flagship security system!
    Is Sophos really convinced that its developers have followed best practice on the security design of XG Firewall?
    And how is it possible that they did not handle the format of the input data that could be entered in the authorization fields in WebAdmin and UserPortal?!?
    This is a fundamental violation of the security concept of any firewall that aspires to the enterprise level!
    I would like to remind you that checking the format of the input data is an elementary and standardly used protection against SQL injection.
    I see another absolutely elementary failure in the internal security concept of XG Firewall, in which the concept of chroot jail is not used.

    Do I still have to list the shortcomings I see (at first glance) in the security concept of XG Firewall?
    I think that others in this forum can name many other shortcomings that are obvious at first glance.

    Regards

    alda