Although really it never actually went anywhere because most people never fixed it because they didn’t know it was a problem…
HTTPoxy; this time its war.
Well, maybe not. But it does sound like one of the most unlikely sequels in history, and if it was a movie, it would probably have been made directly for the Sci-Fi channel,
But this is the news that the latest… old…. sorry, latest and old security flaw could affect servers and websites the world over.
The security hole is dangerous, easily exploitable to hackers, and is present in a veritable host of web apps and libraries that could allow hackers and hijackers all access passes to the backstage of vulnerable websites.
Also the fact that HTTPoxy has a name has caused a head on rush by developers to patch the issue, because, you know, if it’s got a name and it’s a computer bug, it makes it more dangerous…
But despite the very real concern that the current latest flaw to make tech headlines can have adverse effects on PHP, Python, GO, and host of other server software, the real worry is how the HTTPoxy bug can still be an issue, 15 years after it was first discovered.
In basic terms, the bug gets its name from the fact it can abuse the HTTP_PROXY header that is part of common server applications, that can be used to hijack all the incoming and outgoing web traffic, and also gain remote access, and that is dangerous.
The HTTPoxy security flaw was first discovered at the beginning of the 21st Century, in 2001, but despite being fixed on the servers it was found on, researchers this month, found that many tools and libraries used by devs today still had the flaw.
Developers have since reacted quickly to patch the flaw, and so in most cases, automatic updating should have fixed the issue for most people running servers.
The reason why not everyone fixed their servers back in 2001 when HTTPoxy was first found, is anyone’s guess, and these days, hopefully, the same flaw wouldn’t be allowed to exist for so long without fixing.
But back in 2001, despite only being 15 years ago, the internet was a different country. Google was only 3 years old, DVDs hadn’t been released, and Windows Vista (The OS of doom) was still 6 years away. So really, it’s probably no surprise.