CNET reports that two hackers have published a program that can break the encryption used by "version 4.1 of IBM's WebSphere Commerce Suite and version 3.2 of Net.Commerce". IBM has a fix for the problem. If you are running those servers you should apply the fixes quickly before the script kiddies get their hands on this tool.
- Posted by: Ed Saikali
- Posted on: March 08 2001 23:50 EST
Read article Here
When I first read this I thought that it'd erode my confidence in WebSphere. When I thought it through, the whole story really speaks well of IBM. An exploit was found and IBM responded very quickly and patched the hole.
I'm not defending them but this isn't about WebSphere Application Server, its the older products they had.
Not that WebSphere Advanced is perfect either... But, this is an old problem that I first saw reported by Internet World about a month ago and besides, IBM had already issued a fix prior to this but some customers did not apply it and were therefore still vulnerable.