| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Jul 2010 08:04:17 -0400
From: Valdis.Kletnieks@...edu
To: Christian Sciberras <uuf6429@...il.com>
Cc: mustlive@...security.com.ua, full-disclosure@...ts.grok.org.uk,
fxchip@...il.com
Subject: Re: Day of bugs in WordPress 2
On Fri, 30 Jul 2010 08:37:25 +0200, Christian Sciberras said:
> How does writing your site/project from scratch, (I presume that's what you
> mean when you suggest a text editor as a replacement for a CMS), result in
> "higher" security?
It may not help security *directly*, but there's several indirect benefits:
1) If the person posting has to know how the damned thing works, they might
actually *notice* when they get pwned and not let it fester for weeks on end.
2) Smaller attack surface - if I'm running *just* an Apache instance without a
lot of complicated mod_* bells and whistles, and using stuff like vi to compose
new pages, that's a lot harder to attack than a site that has some 8 million
line of code monstrosity on the front end.
And there's a side benefit - if it was harder to post, fewer idiots would
figure out how, and people would think twice before posting. So we'd have
percentage wise more well thought out and researched postings and less total
crap to wade through. Admittedly, we'd probably lose a number of blogs that
are worth reading for amusement just for the total Fail quotient. ;)
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists