On Sat, 6 Oct 2007, Jacques B. wrote:
No mater how secure the server, there will always be one idiot who will
install some script that will get them hijacked.
Cheers
Res
In fairness it's not always the host owner's fault. If they wrote the
code, then yes they created the vulnerability. But many people will
buy an application from a company. In those cases the owner of the
I can see your point of view, however it's their fault for not making
sure they know what they are using, many people "hear" about this
php.some.script, d/l it and use it because it does what they want,
without looking into it, or even knowing if it's the latest version or
fully understanding it.
domain/site can't be faulted. He/she purchased an application from a
web developing company. If your machine gets compromised because of
an undocumented hence unpatched vulnerability in Apache, or SSH, or
whatever, are you the "idiot"? If we hold you to the same standards
that you are holding these domain owners, then the answer would be
"yes".
There is a difference, I use no daemon that I don't understand the
workings of, where as most hosting customers don't even want to know, so
long as it does what they want.
However, if a server is taken because of a vulnerability that I read of
and still left that service active, then yes, I would be, and if a
server was taken because I ran some new daemon that "did this" and I
thought it would be cool to have, and installed it without knowing what
was it really does either by design fault or mis-configuration, then
again, yes I would be.
--
Cheers
Res
Slackware -V- sloooUbuntoooou
http://lxer.com/module/newswire/view/93393/
