
Re: [Full-disclosure] Question regarding script vulnerabilities



Personally I wouldn't equate a trustworthy host to mean they had 'bulletproof'
servers. Even if it were possible, it's not the normal definition of trust.

In any case it's irrelevant - it's what you run that typically exposes your
site to the most risk.

Philip Whitehouse

On 20 Dec 2012, at 21:16, "Nick FitzGerald" <nick@xxxxxxxxxxxxxxxxxxx> wrote:

> Rand wrote:
> 
>> I was curious, if you have a virtual dedicated server or a dedicated
>> server, and a reasonably trustworthy hosting service, are malicious scripts
>> planted by external people a big concern? If so why?
> 
> If you have a web server, malicious scripts should be a big concern to 
> you, yes.
> 
> Why would you NOT be concerned that the integrity of your site and the 
> server running it may be compromised?
> 
> Answering your "why" question is focussing on the wrong issue, as 
> you've rather glibly skipped over a much more important issue -- what 
> is the basis of your assessment that a hosting service is "reasonably 
> trustworthy"?
> 
> Every site owner/admin on every one of the hundreds of compromised 
> sites I've had dealings with this year alone was (at least before they 
> finally recognized they were hosed) of the opinion that their hosting 
> provider was (at least) "reasonably trustworthy".
> 
> They were all -- clearly -- wrong _if_ by that assessment they (and 
> presumably you) were of the opinion that a "reasonably trustworthy" 
> hosting provider will not have site/server compromise issues.
> 
> I have to assume that they are representative of the many, many, many 
> hundreds more site owners/operators who never engaged further with my 
> response to their request for information about why their site was 
> "blacklisted".
> 
> So, what critical baggage are you hiding inside your assessment that a 
> hosting provider is "reasonably trustworthy"?
> 
> 
> 
> Regards,
> 
> Nick FitzGerald
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/