[plug] Liberal Party website - Query
David Dartnall
darts at dialix.com.au
Wed Oct 10 20:28:24 WST 2007
Patrick Coleman wrote:
> David Dartnall wrote:
>
>> How do you determine the OS on the Liberal Party server?
>>
>
> Looking at the error pages normally works: http://www.liberal.org.au/dfgdfgdfg
>
>
>> In the event that it's M$ this may be a good opportunity to give Linux
>> a plug.
>> Less susceptible to this type of attack?
>>
>
> Unfortunately probably not; this is a (very) sloppy web programming
> issue rather than an OS insecurity. It's just as easy to have an issue
> like this on with a badly written PHP application on a misconfigured
> UNIX server.
>
>
>> Do their IT experts make a lot of sense in what they say?
>>
>
> I'm guessing no - opening files based on unscreened user input is like
> Web Security 101. Full marks to whoever wrote this.
>
> -Patrick
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.
>
Oh well, worth a try. Thanks Patrick.
Dave D
More information about the plug
mailing list