Phishing - Linux boxes are vulnerable

[Res]

On Sat, 6 Oct 2007, Jacques B. wrote:

>>
>> No mater how secure the server, there will always be one idiot who will
>> install some script that will get them hijacked.
>>
>> Cheers
>> Res
>
> In fairness it's not always the host owner's fault.  If they wrote the
> code, then yes they created the vulnerability.  But many people will
> buy an application from a company.  In those cases the owner of the

I can see your point of view, however it's their fault for not making 
sure they know what they are using, many people "hear" about this 
php.some.script, d/l it and use it because it does what they want, 
without looking into it, or even knowing if it's the latest version or 
fully understanding it.


> domain/site can't be faulted.  He/she purchased an application from a
> web developing company.  If your machine gets compromised because of
> an undocumented hence unpatched vulnerability in Apache, or SSH, or
> whatever, are you the "idiot"?  If we hold you to the same standards
> that you are holding these domain owners, then the answer would be
> "yes".

There is a difference, I use no daemon that I don't understand the 
workings of, where as most hosting customers don't even want to know, so 
long as it does what they want.

However, if a server is taken because of a vulnerability that I read of 
and still left that service active, then yes, I would be,  and if a 
server was taken because I ran some new daemon that "did this" and I 
thought it would be cool to have, and installed it without knowing what 
was it really does either by design fault or mis-configuration, then 
again, yes I would be.


-- 

Cheers
Res

Slackware -V- sloooUbuntoooou
http://lxer.com/module/newswire/view/93393/