| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: pauls at utdallas.edu (Schmehl, Paul L) Subject: Re: Information Disclosure with Invision Board installation (fwd) Ummm....isn't it (or at least shouldn't it be) standard practice to remove these types of things entirely from internet exposed equipment? Small test programs that are meant to ensure the installer that everything is working as expected should never exist on production servers anyway. (Where never exist means "removed" or "chmod 000", etc.) Is it really the vendor's responsibility to remove them from the distribution? After all, they are helpful when used properly. And any admin worth their paycheck should know better than to leave such bits lying around for the "bad guys" to use. Paul Schmehl (pauls@...allas.edu) Department Coordinator The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ > -----Original Message----- > From: Ka [mailto:ka@...dr.net] > Sent: Wednesday, September 25, 2002 6:55 AM > To: Gossi The Dog; full-disclosure@...ts.netsys.com; > bugtraq@...urityfocus.com > Subject: [Full-Disclosure] Re: Information Disclosure with > Invision Board installation (fwd) > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Well, Gossi, > > I agree with your standpoint. Some "project leaders" > easily turn into "project defenders" when one takes > a closer look at their project. .o)
Powered by blists - more mailing lists