[plug] MS vulnerability
Quintin Lette
quintin at arach.net.au
Fri Aug 15 17:11:05 WST 2003
Just because they can, doesn't necessarily mean they will, and I would say
that you have a better chance of security running debian than a version of
winblows, also webservers allow access to themselves from the outside world
(part of their role really) which we are trying to stop with a debian box. :)
yes, I would agree they are running debian :)
quin at dugite:~$ lynx -head -dump http://www.gnu.org
HTTP/1.1 200 OK
Date: Fri, 15 Aug 2003 09:05:15 GMT
Server: Apache/1.3.26 (Unix) Debian GNU/Linux mod_python/2.7.8 Python/2.1.3
Last-Modified: Wed, 13 Aug 2003 17:41:48 GMT
they aren't as up to date as my debian system either...
quin at dugite:~$ lynx -head -dump http://scorpion
HTTP/1.1 200 OK
Date: Fri, 15 Aug 2003 09:05:33 GMT
Server: Apache/1.3.27 (Unix) Debian GNU/Linux PHP/4.1.2 mod_ssl/2.8.14
OpenSSL/
0.9.7b mod_perl/1.27
which is where the main problem really lies... a system is only as good as
its' system administrator, and how up to date he keeps it, and whether or not
he applies the patches.
Just my 2c
Quintin
On Fri, 15 Aug 2003 05:01 pm, Ben Jensz wrote:
> Craig Ringer wrote:
> > ... and feel the desire to do so, rather then quietly sneaking a fix
> > into the next service pack. I do have to wonder how often that happens
> > (and in OSS stuff too, wouldn't be too hard to hide a security fix in
> > a patch that does something else on the same file).
> >
> > As for the best firewall choice: Debian :-)
>
> Debian didn't stop GNU's web server from being gotten into :)
>
> http://zdnet.com.com/2100-1105_2-5063658.html (thanks to Kai for the link)
>
> It doesn't say in the article that its Debian, but a quick check with
> Netcraft's "Whats that web server running?" tool shows that it is.
>
> > Craig
More information about the plug
mailing list