'Tragically comedic' flaw gives anyone root access to 900,000 Internet servers