I heard that the web was slow today.

Author: George Toft
Date:  
Subject: I heard that the web was slow today.
Ed Skinner wrote:
>
>      When an auto manufacturer builds an Edsel do we blame the mechanic at
> the corner gas station? I might be tempted to switch mechanics to keep the
> thing running but if Ford keeps sending out recall notices, at some point I'm
> gonna start looking at a new car, maybe from Finland.
>
> --
> Ed Skinner, , http://www.flat5.net/
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



When you drive that car in the sand, and it gets stuck, maybe it's not
Ford's fault? Why, oh why, does anyone put a database server with any
interface exposed to the Internet? WTF are these people thinking? The
spread of the worm is not Microsoft's fault (directly) - it is the fault
of whoever put together the architecture that puts a database on the
Internet without a couple of firewalls and an App server in front of it.
That is probably caused by the Cracker Jack Box MCSEs that are
clueless about security, which *is* Microsoft's fault as their
curriculum doesn't (or didn't anyway) discuss basic security.

I have a database server and an LDAP server. There are two firewalls
between the Internet and the databases. And this is my home network!


And that Finnish car? Hmmm... let's see, I discovered and reported two
security exposures/vulnerabilities two weekends ago in SSH and MySQL.
One allows you to remotely discover the root password on a system
configured to block root logins, and the other allows you to recall
administrator commands (which may contain passwords) as a regular user.
I also discovered you can ftp into an account using Midnight Commander
without presenting the credentials if you logged in once before. Some
may call it a convenience - I call it a gaping hole. This is corrected
in the current release.


As I see it, each manufacturer has their own set of problems - it's up
to us as intelligent architects to not do stupid things with our cars.


George Toft
Sr. Computer Security Tech