Phishing - Linux boxes are vulnerable
Res
res at ausics.net
Sat Oct 6 23:27:08 UTC 2007
On Sat, 6 Oct 2007, Jacques B. wrote:
>>
>> No mater how secure the server, there will always be one idiot who will
>> install some script that will get them hijacked.
>>
>> Cheers
>> Res
>
> In fairness it's not always the host owner's fault. If they wrote the
> code, then yes they created the vulnerability. But many people will
> buy an application from a company. In those cases the owner of the
I can see your point of view, however it's their fault for not making
sure they know what they are using, many people "hear" about this
php.some.script, d/l it and use it because it does what they want,
without looking into it, or even knowing if it's the latest version or
fully understanding it.
> domain/site can't be faulted. He/she purchased an application from a
> web developing company. If your machine gets compromised because of
> an undocumented hence unpatched vulnerability in Apache, or SSH, or
> whatever, are you the "idiot"? If we hold you to the same standards
> that you are holding these domain owners, then the answer would be
> "yes".
There is a difference, I use no daemon that I don't understand the
workings of, where as most hosting customers don't even want to know, so
long as it does what they want.
However, if a server is taken because of a vulnerability that I read of
and still left that service active, then yes, I would be, and if a
server was taken because I ran some new daemon that "did this" and I
thought it would be cool to have, and installed it without knowing what
was it really does either by design fault or mis-configuration, then
again, yes I would be.
--
Cheers
Res
Slackware -V- sloooUbuntoooou
http://lxer.com/module/newswire/view/93393/
More information about the fedora-list
mailing list