| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Mar 27 10:40:11 2006 From: j.grosjean at proxiad.com (Julien GROSJEAN - Proxiad) Subject: Secure HTTP Changing default port simply reduce the number of attacks... Sure, if you don't secure your service, it will change nothing.. Here, it simply stop attacks, so, i make the conclusion than it was robot attacks... Kenneth Ng a ?crit : > On 3/24/06, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote: >> Do the frikking SSL correctly on port 443 like the RFCs intend rather >> than cooking up some half-assed proxy scheme to work around it. >> >> <insert standard "if I had a nickle for every time somebody proposed a >> partial solution for the wrong part of the problem instead of doing it >> in the well-understood correct way in the first place, I'd be long since >> retired" speech here....> > > You would be more than rich. You won't believe the number of > "security improvements" I've had to knock down. One application had > all the ports reassigned to all non standard ports. When I asked why > such a brain dead thing was done, they said it was for security, and > that "it would be too much work to find these ports". Then I showed > them nmap with the port identification option. Their jaw dropped to > the floor. They had *NO* security. Anonymous ftp world writable, > http with no id or password allowing web page updating, telnet with no > id or password. Needless to say, a redesign was required. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists