User-Agent based attacks are a low-key risk that shouldn't be overlooked

Old, unpatched vulnerabilities allow hackers to take over systems using the User-Agent string -- an elementary part of virtually every HTTP request. It is a known fact that while the majority of vulnerabilities discovered or reported are fixed by the vendor and a patch is issued, many systems end up not being patched in a timely manner or even at all, for that matter. There are many possible reasons for that, the most common being: Automatic updates are turned off. Update postponed by the user (usually due to an inconvenient timing). Unattended or remote servers are not supervised. Updates require… [Continue Reading]