Mailing List Archive



Re: [tlug] hello from a new / old member



>>>>> "Godwin" == Godwin Stewart <godwin.stewart@example.com> writes:

    Godwin> Note that the vulnerability isn't in PHP itself but in
    Godwin> software written in PHP that doesn't perform adequate
    Godwin> sanity checks before utilising the data posted to it. This
    Godwin> has all too often been the case (phpBB anyone?)

Well, I'm seeing about a dozen different ooh-do-me-do-me.php URLs.  So
I think the vulnerability is the use of PHP.

Cf. http://turnbull.sk.tsukuba.ac.jp/Tools/Attitude/elitism.html

    Godwin> Security by obscurity isn't always the best solution but
    Godwin> it appears to work here. Run sshd on a non-standard port
    Godwin> and have done with it.

Oh, I'm curious to see who knocks; I just don't need to know how many
different accounts/passwords they've managed to collect to date.

Among other things, I've smushed 3 roaches in colleagues' machines.


-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.

