| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200408150034.56328.fulldisc@ultratux.org> From: fulldisc at ultratux.org (Maarten) Subject: lame bitching about xpsp2 On Saturday 14 August 2004 22:00, Niek Baakman wrote: > devis said the following on 8/13/2004 8:01 PM GMT+2: > > MS web server full of damn holes? What about apache ? > What do you think would happen if you do not update your apache for a year, > or openssh, or any piece of software ? > What do you think would happen if you did not apply those MaxOSX updates > which Apple released over the past few months? > Don't talk about releaking and only mention Microsoft. > There are opensource programs which have the same track record. A) Apache has a way better track record than IIS. Jeez, it's not even in the same ballpark... B) Apache does not run in kernelspace. IIS does. Therefore, an apache exploit yields unprivileged user access. IIS on the other hand yields full compromise Oh, and as an aside: patching often is indeed neccessary, on all platforms. But at least MY vendor doesn't take several _months_ to provide such a patch. Unlike some other vendor we all know. Maarten -- Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
Powered by blists - more mailing lists