On Sat, 17 Jul 2010 17:33:44 +0530, Sandeep Sengupta said: > 1. we spoke to Univ system admin over the phone yesterday. They are > aware of the problem. Now upto them how much time they will take to > rectify it. We hope they atleast have the wisdom to bring the site > down till it is debugged. That turns out to often be a harder decision than it looks. Taking the website down has its own costs - nobody can do any of the things the website supports. If you have good web logs and are fairly confident that you will be able to detect and deal with any actual malicious activity, it may actually make sense to keep the website up. It's tradeoffs - which costs more, the possible damage done by an attack, or the *known* damage caused by an outage?
Attachment:
pgpLxtnuUHX_d.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/