| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1076984515.3302.8.camel@mordor.mrplaydoh.org> From: g0d at mrplaydoh.org (g0d) Subject: New Security News Website On Mon, 2004-02-16 at 15:28, Paul Schmehl wrote: > --On Monday, February 16, 2004 1:49 PM -0800 "Gregory A. Gilliss" > <ggilliss@...publishing.com> wrote: > > > You're kidding, right? Me thinks you *need* some hacker intel! > > So you think a simple nmap scan is sufficient to determine if a host is > insecure? Interesting. > > If you scanned my Windows XP boxes, you'd find a bunch of juicy ports open. > What you wouldn't find is a hackable daemon. All the open ports feed a > program that captures the packets for analysis later. The boxes are > running no Internet-addressable services. Yet, from an nmap scan you might > (wrongly) assume that those boxes were grossly insecure. > > This is the Internet. Things are not always what they seem. And open > ports don't always mean negligence. on a host running a production website common sense would dictate that *any* non-essential services be turned off, if for no other reason then the fact that having multiple services running makes the host a prime target for attacks. i should think this is even more true when the host is running a website that has been advertised on a mailing list which attracts the specific element of computing society with a bent towards system compromise. while having a test box out there 'in the wild' accumulating data on currently-employed techniques for cracking hosts, methinks that functionality would be better suited to a separate host.
Powered by blists - more mailing lists