On last week I received a dozen of requests related to the one of recent blogposts, and all those requests contain the same two questions:
- Why is it password protected?
- When will it be publicly available?
The short story is: after installing latest Content Server patches I had faced with severe compatibility issues and further research revealed that those compatibility issues are caused by “security enhancements” which do not really look like security fixes, for example, I had spent about 6 hours to find out why my application has started failing when running on latest patchset and how to disable new weird behaviour, and just 30 minutes to write a new proof of concept which bypasses new “security enhancements”. After that I performed a deep analysis of last ten security vulnerabilities, which were announced by EMC as remediated and found the same problem: nothing was fixed, moreover some of them contain so rude mistakes that those mistakes look more like backdoors rather than mistakes. At current state I’m trying to bring together all information I have and this blogpost will be publicly available soon.