Open Source and information security mailing list archives
 
Date: Sat, 10 Aug 2013 10:29:42 -0700 (PDT)
From: terry white <twhite@...ota.com>
To: Gichuki John Chuksjonia <chuksjonia@...il.com>
cc: bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] Apache suEXEC privilege elevation / information
 disclosure


... ciao:

: on "8-10-2013" "Gichuki John Chuksjonia" writ:

: most of the Admins who handle webservers 
: in a network are also developers 
 
   name , just a "few"


: most of the organizations will always need to cut on expenses, 
 
   history suggests, security breaches, are NOT a profit center.


: and as we know
 
   i'd prefer, that you not include me in that knowledge base.


   things like:

: most of the developers will just look into finishing work and 
: making it work
   AND
: So if something doesn't run due to httpd.conf, you will find these 
: guys loosening server security, therefore opening holes to the 
: infrastructure
   AND
:     From: guess who < NotMyDomain @ gmail.com >

   do not typically inspire confidence, or the illusion of a working 
knowledge about the subject at hand.  on a parallel track. 

   i'm a ham, WD0FPC, and every so often a new operator, sets about 
becoming an "expert", offering their "two cents" worth. i am yet to see a 
case in which it didn't go one of three ways; (a) left the hobby, (b) 
became an operator worthy of license class, and (c), didn't.
   computing, and amateur radio, both the classic 'community', with 
knowledge as lifeblood, and the willingness to help its life energy.  in 
some schools of thought, both individually, and collectively, a deserved 
respect inherent.
 
   solidified ignorance, flawed assumptions, and faulty logic, able to 
ignore all that.

   for a while ... 
 
-- 
... it's not what you see ,
    but in stead , notice ...
