http://www.brianmadden.com/blogs/hans_straat/default.aspxHans Straat is the founder of Datacrash.net, a news feed and blog that also offers a server based computing forum, white papers, and other technical resources. Hans is a MCSE in Windows NT4, 2000, and 2003, in addition to specializing in Citrix.enCommunityServer 2008.5 (Build: 30929.2835)http://www.brianmadden.com/blogs/hans_straat/archive/2007/10/11/security-researcher-warns-about-citrix-vulnerability.aspx#728Tue, 16 Oct 2007 12:01:23 GMTa59ee4a9-9560-4436-b47c-b649e4ba6aaa:728hans straatLike said in my comments on the article and on the dutch site tweakers.net the biggest risk is still the user. This is not a bug but they simply use the ICA client to gain access to an environment. You still need user credentials to logon to such an environment and most environments don't have ftp or tftp open only port 80 for internet browsing. <div style="clear:both;"></div><img src="http://www.brianmadden.com/aggbug.aspx?PostID=728" width="1" height="1">http://www.brianmadden.com/blogs/hans_straat/archive/2007/10/11/security-researcher-warns-about-citrix-vulnerability.aspx#727Fri, 12 Oct 2007 19:42:08 GMTa59ee4a9-9560-4436-b47c-b649e4ba6aaa:727GuestThe sad thing is that a manager level will read this article and immediatly panic thinking that their Citrix environment is not secure. Anyone with any network savy will see that this is not a Citrix issue.<div style="clear:both;"></div><img src="http://www.brianmadden.com/aggbug.aspx?PostID=727" width="1" height="1">http://www.brianmadden.com/blogs/hans_straat/archive/2007/10/11/security-researcher-warns-about-citrix-vulnerability.aspx#726Fri, 12 Oct 2007 02:30:31 GMTa59ee4a9-9560-4436-b47c-b649e4ba6aaa:726GuestHave to agree, that looks more like someone who doesn't know what they are doing at implementation rather than technical problems with Citrix. <div style="clear:both;"></div><img src="http://www.brianmadden.com/aggbug.aspx?PostID=726" width="1" height="1">http://www.brianmadden.com/blogs/hans_straat/archive/2007/10/11/security-researcher-warns-about-citrix-vulnerability.aspx#725Fri, 12 Oct 2007 01:53:53 GMTa59ee4a9-9560-4436-b47c-b649e4ba6aaa:725GuestThis article was also posted in eWeek - but if you look at the detail you will see that the problem is a CPS server sitting directly on the internet with no security. More of an imprementation issue than a CPS issue.<div style="clear:both;"></div><img src="http://www.brianmadden.com/aggbug.aspx?PostID=725" width="1" height="1">