Zero-day or not zero-day?Hackers and victim disagree.But one thing is clear. If the organisation that *makes* the software can't keep its own installations secure, what hope do other sites have?