Date: Fri, 1 Jun 2001 02:26:39 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: Alex Holst <a@area51.dk>
Cc: freebsd-security@freebsd.org
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID: <20010601022639.E85717@mail.webmonster.de>
In-Reply-To: <20010601013041.A32818@area51.dk>; from a@area51.dk on Fri, Jun 01, 2001 at 01:30:41AM +0200
References: <200105312300.f4VN0RD24448@cwsys.cwsent.com> <Pine.BSF.4.31.0105311621290.52261-100000@localhost> <20010601013041.A32818@area51.dk>

Alex Holst(a@area51.dk)@2001.06.01 01:30:41 +0000:
> That should be verified often with scanssh or something similar. I was
> surprised when I read about the compromise, because it gives the impression
> that people are still using passwords (as opposed to keys with passphrases)
> for authentication in this day and age. Is that correct? If so, why is that?

there are people on the net that have telnetd listening on their servers.
there are people on the net who run outdated versions of whatever you want
(see netcraft apache versions or the dns server versions thingamabob that
states that there are still ~30% bind 4.x boxes out there and a shitload of
bind<8.2.3). there are big sites running old wu-ftpd's on badly patched
slowlaris systems. i even heard of people publishing their web documents with
iis on nt or 2000.

the security discussion is always split:
1) improvement of current operating systems and daemon software
2) how to prevent people from inviting crackers to their boxes running
   outdated crap

cheers,
/k

--
> As a computing professional, I believe it would be unethical for me to
> advise, recommend, or support the use (save possibly for personal
> amusement) of any product that is or depends on any Microsoft product.
> --David H. Wolfskill
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46