
[cobalt-security] RE: Gareth's NT and FrontPage note and the Sun Response WRT FrontPage



Bottom line, ChiliSoft and the effects are imposing a 'behaviour' on Apache
and other server systems that is decidedly and provably insecure and dumb,
for the sake of user 'convenience.'

It opens holes in Apache and other systems it is applied to that have been
exploited in the past and will be exploited in the future.  Check ARIS,
dshield and CVE/CAIDA for records.

It's a dumb idea and anyone using it deserves what they get.  Sun's
allegation that they don't use FrontPage 'extensions' is a red herring.
They impose an inherently insecure behaviour on a system.  The black hats
are aware of it and plotting as we speak.  I think it will be far less than
a month before we see the first FrontPage and Apache attacks.

As to the comment on NT and Code Red, that was true until Sunday.  It is not
now.

Mike