News: Sophos Web Appliance Update Crashes Call Centre
Sydney, NSW, Australia, June 29, 2015 -- A Sophos Web Appliance update has crashed users' PC fleets, including knocking the Australian call centre of a global company offline for two days, after support was quietly revoked for the SSL 3.0 ciphers used in Citrix Receiver.
The British security firm pushed out update version 22.214.171.124 last week to correct four non-critical issues; the update also introduced an undocumented block on SSL 3.0.
Sophos has been contacted for comment.
That update killed all but the latest versions of Citrix Receiver. The new Citrix offering was updated to ward off POODLE downgrade attacks.
Correspondence between Sophos and its customers seen by El Reg reveals the company has fielded multiple complaints from users caught off-guard by the mess.
The Australian contact centre for a large unnamed international organisation was knocked offline for two days - and is still enduring some outages - after the update prevented operators from accessing a portal required to make mission-critical entries.
The crash hit without warning, according to a system administrator who was caught up in the mess and requested anonymity.
The admin says Sophos did not warn of its SSL 3.0 revocation and took 24 hours to respond with an answer to his queries.
The Sophos update could not be rolled back, forcing the admin to undertake an unplanned, complex Citrix upgrade late last week across the three global sites, an operation that is still ongoing.
He says that upgrade would normally be planned and coordinated in advance.
The admin faced questions from concerned senior management and, while he thanked some helpful Sophos engineers, has asked the vendor to apologise.
Posted by Veronica Silva Cusi, news correspondent
Sophos is a developer and vendor of computer security software and hardware, providing communication endpoint, encryption, network security, email security and mobile security as well as unified threat management products.
Published: Tuesday, June 30, 2015