Message-ID: <Pine.LNX.4.21.0701121059230.26643-100000@linuxbox.org>
Date: Fri, 12 Jan 2007 11:06:54 -0600 (CST)
From: Gadi Evron <ge@...uxbox.org>
To: bugtraq@...security.net
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Web Honeynet Project: announcement,

On Fri, 12 Jan 2007 bugtraq@...security.net wrote:
> The Web Application Security Consortium is also doing such a project at
> http://www.webappsec.org/projects/honeypots/ . May be worthwhile to share data perhaps?

My thoughts exactly!

Although... it is high time we started getting out of the mindset that web
security equals code security (application security); it doesn't.

Most of these application security issues are important, if not
very much so, but no matter how non-trivial it is, they are
completely solvable.

It's time to get rid of useless application firewalls, etc. and face the
music that there is currently a world of attacks we don't escalate
against and mostly do not know how to defend against on a large
scale. Take a look at zone-h if you need a reality check.

Most of the attacks described in my email are happening from the same IP
addresses, this is open relay days all over again, and it's time to wake
up and start the spam war.

Mitigate the threats by taking down bad sites, filter out bad URLs, filter
out attacking IP addresses, detect Linux and webserver malware,
etc.
Naturally, also remember the coding issues that caused it, and how we can
fix them. We should also not forget PHP and its contribution to this
mess.

	Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
