I think this is lovely. From first-hand experience, I know how often something as trivial yet important as "updating that horrible Joomla website to the latest bug-fixed version" gets low on a company's priority list. It's really just a reason to host your site in a SaaS CMS instead of uploading a bunch of PHP files yourself, but in case it's too late for that, having the hosting provider take care of this is lovely.
That said, I think the article is an odd mixture of business-speak and nerd-speak. As a coder, I'd like to know whether it fixes my handwritten SQL injection vulnerabilities too (probably not). My boss, however, probably will need a simpler version to get the point.
Thank you for your interest. The service focuses on fixing vulnerabilities in commonly used and popular software solutions such as WordPress, Drupal and Joomla. So, currently, we do not fix handwritten SQL injection vulnerabilities.
On a technical level it differs primarily on that it's not an external service that can only start responding after the website has been hacked; they treat the damage caused by a successful hack instead of preventing the hack in the first place. Because we can scan the code itself, we can actually patch vulnerabilities before they are being exploited. The beauty is in that we do not do "normal" updates but just patch the vulnerabilities in a non-obtrusive way, this prevents the website to fail because of incompatibilities.
"The beauty is in that we do not do "normal" updates but just patch the vulnerabilities in a non-obtrusive way, this prevents the website to fail because of incompatibilities"
Does this mean you're writing your own custom patches for every single versions of the software solutions you're supporting ?
That's a good approach, but not novel and not the first host doing that.
Many hosts automatically scan and fix their clients sites and have been doing that for a while. Specially when you are talking about popular CMSs like WorPress, Joomla and drupal.
I'm sorry, I think due to our lacking description of how the technology exactly works you're confusing it with existing technologies. What we announced today is not comparable with something like Installatron, they do just version updates. Those automatic updates usually breaks plugins. We only patch the vulnerabilities, without modifying any functionality.
Nope, we work with hosts that do exactly that. Patch and update if it is outdated, fix if it is broken and even remove any malware if it is infected.
Again, what you guys are doing is great, and I don't want to take that way. My only point is that you were not the first and some have been doing that for a while.
I don't know if this is the same thing, but I know Dreamhost auto-updates my abandoned Wordpress sites (is that triggered through Wordpress itself, even on independent WP installations?)
Do they automatically fixing themes to CMS'es? Updating the engine is one thing, WorPress, CME, and so on, but that only takes care of a tiny portion of the attack vectors. In my experience, if a wordpress or a phpbb forum was hacked, then its the user installed/programmed theme that was the cause and not the engine itself.
Can you you say which languages/platforms your system is able to analyze/patch and explain some basic technical details of how it understands arbitrary customer code well enough to find and patch vulnerabilities?
Can it fix bugs and write a few new features for me too?
18 comments
[ 3.2 ms ] story [ 55.3 ms ] threadThat said, I think the article is an odd mixture of business-speak and nerd-speak. As a coder, I'd like to know whether it fixes my handwritten SQL injection vulnerabilities too (probably not). My boss, however, probably will need a simpler version to get the point.
On a technical level it differs primarily on that it's not an external service that can only start responding after the website has been hacked; they treat the damage caused by a successful hack instead of preventing the hack in the first place. Because we can scan the code itself, we can actually patch vulnerabilities before they are being exploited. The beauty is in that we do not do "normal" updates but just patch the vulnerabilities in a non-obtrusive way, this prevents the website to fail because of incompatibilities.
Does this mean you're writing your own custom patches for every single versions of the software solutions you're supporting ?
What does this mean? Can you perhaps explain the service? Are these patches based on Drupal/Joomla security releases?
Many hosts automatically scan and fix their clients sites and have been doing that for a while. Specially when you are talking about popular CMSs like WorPress, Joomla and drupal.
thanks,
Again, what you guys are doing is great, and I don't want to take that way. My only point is that you were not the first and some have been doing that for a while.
thanks,
Well, please, then already describe how it works. And don't forget technical details as we're quite technical 'round here..
Can it fix bugs and write a few new features for me too?