Re: 2003 Web Server Security flaw

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 12/29/03 

Date: Mon, 29 Dec 2003 07:42:30 -0500

"Nobody" <nobody> wrote in message
news:O0JbRSVzDHA.2928@TK2MSFTNGP09.phx.gbl...

> First, your subject line is very misleading as none of those programs are
> security problems for the web platform provided no one uses them for any
> purpose.

That's a really big "IF" in most large organizations where you can't expect
100% of your server admins to be security experts.

> Second, if you want to "cripple" those programs as you say then you can do
> one of two things:
>
> 1. Delete the corrosponding exe file for each program

Neither deleting files nor using ACLs are effective security measures, as I
argue in another post here.

Relevant Pages

  • Re: Hijack well-known ports
    ... I realize that there's a point where security costs more than it's ... > IPserves no purpose and is a waste of time and resources, ... All I can say is that I hope you aren't involved with network ...
    (comp.security.firewalls)
  • ICMP Scan
    ... I saw this traffic last night on an IDS system inside a firewall. ... It looks to me like the purpose is to ... Security Linux, the comprehensive security solution that combines six ...
    (Incidents)
  • RE: [Full-Disclosure] Vulnerability Disclosure Debate
    ... > The purpose of a lock is not security. ... The purpose of a lock is to keep unauthorized people out. ... Knowledge of limitations is just as important, ...
    (Full-Disclosure)
  • Re: Hide email from spammers
    ... >>serve the purpose of hiding the email address? ... Next I need to learn what the "security" issues are that people keep ... I found one called Jack's FormMail at ...
    (comp.lang.php)
  • Re: strange logs -- tcp port 16166
    ... Security Consultant/Analyst ... Any personal information ... other than the purpose for which you have received it. ... world's premier technical IT security event! ...
    (Incidents)