Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums

from [Valdis . Kletnieks] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums
Date: Sat, 25 Dec 2004 02:11:39 -0500 
On Wed, 22 Dec 2004 22:51:40 MST, "Mattias R. Lindgren" said:


There is a workaround posted http://forums.ir0x0rz.com/viewtopic.php?t=34

I'm hoping this will be enough to protect phpBB installs.


As I understand it, the phpBB *fix* is a whole whopping one-liner,
or you can upgrade to a fixed release of phpBB (2.0.11)

http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-11/1204.html

That was a *MONTH* ago. And now that *finally* a worm shows up, people are
running around trying to "protect" stuff they should have *fixed* already??

Quite frankly, if the people you're trying to protect can't find the time
in *a month* to deploy a one-line fix, quite obviously *they* don't care about
their stuff.  Why are you doing things to enable them to *keep* not caring?

But then, I've never been able to watch news stories about "800 pound person
needs 4 people to help them up taking them to the hospital".  If you're 800
pounds and bedridden, who's bringing you the food?

Do your users a favor - don't keep feeding them when they're 800 pounds already.

Oh yeah - and everybody out there, have a happy <appropriate winter solstice
holiday>... :)

Attachment: pgpUkdtrEZbQt.pgp
Description: PGP signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] [ GLSA 200412-26 ] ViewCVS: Information leak and XSS vulnerabilities, Thierry Carrez
Next by Date:  Re: [Full-Disclosure] Windows (XP SP2) Remote code executionwithparameters, morning_wood
Previous by Thread:  [Full-Disclosure] RE: Worm hitting PHPbb2 Forums, Mattias R. Lindgren
Next by Thread:  [Full-Disclosure] multiple remote root vulns in Rosiello rFTPD and RPF, Slotto Corleone
Indexes:  [Date] [Thread] [Top] [All Lists]