We previously touched on Rackspace’s bad security when it comes to their clients, but they also don’t feel the need to take a basic security measure with their own website. That basic security measure being that that you should keep software running on your website up date. By doing that you prevent your website from being able to exploited though a known vulnerability in older versions of the software.
Rackspace’s Knowledge Center website is still running Drupal 7.18:
That version is now a year out of date and Rackspace has failed to apply four security updates (7.19, 7.20, 7.24, and 7.26). With each of those security updates it has been urged that “Sites are urged to upgrade immediately after reading the security announcement.”. Updating between versions of Drupal 7 is relatively easy, so there isn’t any excuse for them not to have updated it. It also raises the question if Rackspace is handling the rest of their security, much of which is not as visible, as poorly as they are with this.