In response to the recent news that a bug exists in Node.js, all versions of v0.12.x through to v5.x inclusive, whereby an external attacker can cause a denial of service (more information here: http://www.scmagazineuk.com/warnings-over-nodejs-flaw-that-could-lead-to-dos-attacks/article/457205/), Dave Larson, chief operating officer at Corero Network Security, has offered @DFMag the following short insight:
“Node.js is a quite popular open source javascript app deveopment environment, so the vulnerability is likely quite widespread.
“The most effective defense again this latest threat is to upgrade the server application to the latest software rev. Certainly, there are many other security reasons to upgrade to the latest revision including potential breach vulnerabilities.
“Likely exploitations would be DoS for ransom. But there seems to be some full compromise vulnerability with some of the versions that could result in breach activity.”
(48)
