[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Phishing - Linux boxes are vulnerable



On Sat, 6 Oct 2007, Jacques B. wrote:


No mater how secure the server, there will always be one idiot who will
install some script that will get them hijacked.

Cheers
Res

In fairness it's not always the host owner's fault.  If they wrote the
code, then yes they created the vulnerability.  But many people will
buy an application from a company.  In those cases the owner of the

I can see your point of view, however it's their fault for not making sure they know what they are using, many people "hear" about this php.some.script, d/l it and use it because it does what they want, without looking into it, or even knowing if it's the latest version or fully understanding it.


domain/site can't be faulted.  He/she purchased an application from a
web developing company.  If your machine gets compromised because of
an undocumented hence unpatched vulnerability in Apache, or SSH, or
whatever, are you the "idiot"?  If we hold you to the same standards
that you are holding these domain owners, then the answer would be
"yes".

There is a difference, I use no daemon that I don't understand the workings of, where as most hosting customers don't even want to know, so long as it does what they want.

However, if a server is taken because of a vulnerability that I read of and still left that service active, then yes, I would be, and if a server was taken because I ran some new daemon that "did this" and I thought it would be cool to have, and installed it without knowing what was it really does either by design fault or mis-configuration, then again, yes I would be.


--

Cheers
Res

Slackware -V- sloooUbuntoooou
http://lxer.com/module/newswire/view/93393/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]