[thelist] DJC -- Major Security Hole in Evolt.org?
Anthony Baratta
Anthony at Baratta.com
Wed Dec 5 23:51:02 CST 2001
At 09:41 PM 12/5/2001, you wrote:
>Have to check -- but it scares me either way.
This is a fact for all users that have local access. They can do "weird"
things and leave holes for others to get into sites with. Heck even
established web scripts have well known holes that can cause a server to be
exploited in different ways.
It's a totally different animal when someone exploits a hole in a service
and "roots" the machine. They are attacking a machine from the outside,
versus a user who already has telnet/ssh access.
Allowing users on your box is the most dangerous thing you can do, next to
connecting your box to a network.
---
Anthony Baratta
President
Keyboard Jockeys
"Conformity is the refuge of the unimaginative."
More information about the thelist
mailing list