[plug] MS vulnerability

Quintin Lette quintin at arach.net.au
Fri Aug 15 17:11:05 WST 2003


Just because they can, doesn't necessarily mean they will, and I would say 
that you have a better chance of security running debian than a version of 
winblows, also webservers allow access to themselves from the outside world 
(part of their role really) which we are trying to stop with a debian box. :)

yes, I would agree they are running debian :)

quin at dugite:~$ lynx -head -dump http://www.gnu.org
HTTP/1.1 200 OK
Date: Fri, 15 Aug 2003 09:05:15 GMT
Server: Apache/1.3.26 (Unix) Debian GNU/Linux mod_python/2.7.8 Python/2.1.3
Last-Modified: Wed, 13 Aug 2003 17:41:48 GMT

they aren't as up to date as my debian system either...

quin at dugite:~$ lynx -head -dump http://scorpion   
HTTP/1.1 200 OK
Date: Fri, 15 Aug 2003 09:05:33 GMT
Server: Apache/1.3.27 (Unix) Debian GNU/Linux PHP/4.1.2 mod_ssl/2.8.14 
OpenSSL/
0.9.7b mod_perl/1.27

which is where the main problem really lies... a system is only as good as 
its' system administrator, and how up to date he keeps it, and whether or not 
he applies the patches.

Just my 2c

Quintin

On Fri, 15 Aug 2003 05:01 pm, Ben Jensz wrote:
> Craig Ringer wrote:
> > ... and feel the desire to do so, rather then quietly sneaking a fix
> > into the next service pack. I do have to wonder how often that happens
> > (and in OSS stuff too, wouldn't be too hard to hide a security fix in
> > a patch that does something else on the same file).
> >
> > As for the best firewall choice: Debian :-)
>
> Debian didn't stop GNU's web server from being gotten into :)
>
> http://zdnet.com.com/2100-1105_2-5063658.html  (thanks to Kai for the link)
>
> It doesn't say in the article that its Debian, but a quick check with
> Netcraft's "Whats that web server running?" tool shows that it is.
>
> > Craig



More information about the plug mailing list