[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Question regarding script vulnerabilities
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Question regarding script vulnerabilities
- From: "Nick FitzGerald" <nick@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 21 Dec 2012 10:16:58 +1300
Rand wrote:
> I was curious, if you have a virtual dedicated server or a dedicated
> server, and a reasonably trustworthy hosting service, are malicious scripts
> planted by external people a big concern? If so why?
If you have a web server, malicious scripts should be a big concern to
you, yes.
Why would you NOT be concerned that the integrity of your site and the
server running it may be compromised?
Answering your "why" question is focussing on the wrong issue, as
you've rather glibly skipped over a much more important issue -- what
is the basis of your assessment that a hosting service is "reasonably
trustworthy"?
Every site owner/admin on every one of the hundreds of compromised
sites I've had dealings with this year alone was (at least before they
finally recognized they were hosed) of the opinion that their hosting
provider was (at least) "reasonably trustworthy".
They were all -- clearly -- wrong _if_ by that assessment they (and
presumably you) were of the opinion that a "reasonably trustworthy"
hosting provider will not have site/server compromise issues.
I have to assume that they are representative of the many, many, many
hundreds more site owners/operators who never engaged further with my
response to their request for information about why their site was
"blacklisted".
So, what critical baggage are you hiding inside your assessment that a
hosting provider is "reasonably trustworthy"?
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/