[thelist] DJC -- Major Security Hole in Evolt.org?

Anthony Baratta Anthony at Baratta.com
Wed Dec 5 23:51:02 CST 2001


At 09:41 PM 12/5/2001, you wrote:
>Have to check -- but it scares me either way.

This is a fact for all users that have local access. They can do "weird" 
things and leave holes for others to get into sites with. Heck, even
established web scripts have well-known holes that can cause a server to be
exploited in different ways.

It's a totally different animal when someone exploits a hole in a service 
and "roots" the machine. They are attacking a machine from the outside, 
versus a user who already has telnet/ssh access.

Allowing users on your box is the most dangerous thing you can do, next to 
connecting your box to a network.
---
Anthony Baratta
President
Keyboard Jockeys

"Conformity is the refuge of the unimaginative."




