| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <62915818.20080114181550@SECURITY.NNOV.RU> Date: Mon, 14 Jan 2008 18:15:50 +0300 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: Nick FitzGerald <nick@...us-l.demon.co.uk> Cc: Untitled <full-disclosure@...ts.grok.org.uk> Subject: Re: what is this? Dear Nick FitzGerald, --Monday, January 14, 2008, 2:52:23 PM, you wrote to full-disclosure@...ts.grok.org.uk: NF> Ummmm -- the only part of that likely to be relevant here is the last. NF> These kinds of web page "compromises" are typically achieved through NF> bad/ill-configured/non-updated server-side web applications (or NF> their underlying script engines) and are typically achieved without NF> requiring any more special or privileged access to the victim sites NF> than the ability to run a clever Google search or your own NF> brute-force spidering via a bot-net, etc. During last few months, we monitor mass infection attempts through stollen FTP passwords. Yes, web exploitation scenario is also possible. These are automated exploitation requests received during a single day: http://securityvulns.com/files/exprequests.txt In this case there is a quick workaround (and also a good security practice) of disabling write access for web server account. Of cause, investigation is required anyway. -- ~/ZARAZA http://securityvulns.com/ Всегда будем рады послушать ваше чириканье (Твен) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists