
Re: [Full-disclosure] Question regarding script vulnerabilities



Rand wrote:

> I was curious, if you have a virtual dedicated server or a dedicated
> server, and a reasonably trustworthy hosting service, are malicious scripts
> planted by external people a big concern? If so why?

If you have a web server, malicious scripts should be a big concern to 
you, yes.

Why would you NOT be concerned that the integrity of your site and the 
server running it may be compromised?

Answering your "why" question is focussing on the wrong issue, as 
you've rather glibly skipped over a much more important issue -- what 
is the basis of your assessment that a hosting service is "reasonably 
trustworthy"?

Every site owner/admin on every one of the hundreds of compromised 
sites I've had dealings with this year alone was (at least before they 
finally recognized they were hosed) of the opinion that their hosting 
provider was (at least) "reasonably trustworthy".

They were all -- clearly -- wrong _if_ by that assessment they (and 
presumably you) were of the opinion that a "reasonably trustworthy" 
hosting provider will not have site/server compromise issues.

I have to assume that they are representative of the many, many, many 
hundreds more site owners/operators who never engaged further with my 
response to their request for information about why their site was 
"blacklisted".

So, what critical baggage are you hiding inside your assessment that a 
hosting provider is "reasonably trustworthy"?



Regards,

Nick FitzGerald


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/