Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: phpBB Ban

from [Ole Martin Eide] Network Security [Permanent Link]
Subject: Re: phpBB Ban
Date: Wed, 20 Apr 2005 17:49:02 +0200 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joseph Miller wrote:

The reason that I think that a ban would be important for a project such as 
phpBB is because of its wide use.  One attacker could spend a single day and 
attack hundreds or even thousands of websites that have pbpBB using a single 
script and a web search engine.  This type of wide deployment makes this 
program more of a risk than just a problem with one or two servers.  This 
type of problem becomes global.


The use of 'Windows' is also widespread. Over the years it has been
patched more times than a human can count. Does this mean administrators
should enforce the use of other operating systems?

To make a sharp statement; most web scripts around has some kind of bug,
at some point, that will compromise the site and/or even more.

My view is that there will always be bugs, and people to find them and
use them. So the only thing we can do is to prepare for it to happen.
Thank god for mod_sec :)

- --
Med vennlig hilsen / Regards
Ole Martin Eide
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCZnnu0VCmgbOm9IMRArL3AJ9D+9ZBNQR9fiBwJdtzkkb0i6cNagCfeyQC
0l1yuDx0aw5zYn8LJaLre7U=
=4ps8
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  random character checking at logon, jimtames
Next by Date:  Re: suggesting passwds to users, Robert Hajime Lanning
Previous by Thread:  random character checking at logon, jimtames
Next by Thread:  Re: phpBB Ban, Joseph Miller
Indexes:  [Date] [Thread] [Top] [All Lists]