Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] hello from a new / old member

>>>>> "Godwin" == Godwin Stewart <> writes:

    Godwin> Note that the vulnreability isn't in PHP itself but in
    Godwin> software written in PHP that doesn't perform adequate
    Godwin> sanity checks before utilising the data posted to it. This
    Godwin> has all too often been the case (phpBB anyone?)

Well, I'm seeing about a dozen different ooh-do-me-do-me.php URLs.  So
I think the vulnerability is the use of PHP.


    Godwin> Security by obscurity isn't always the best solution but
    Godwin> it appears to work here. Run sshd on a non-standard port
    Godwin> and have done with it.

Oh, I'm curious to see who knocks; I just don't need to know how many
different accounts/passwords they've managed to collect to date.

Among other things, I've smushed 3 roaches in colleagues' machines.

School of Systems and Information Engineering
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links