Re: [Full-disclosure] Question regarding script vulnerabilities
- To: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Question regarding script vulnerabilities
- From: Philip Whitehouse <philip@xxxxxxxxx>
- Date: Thu, 20 Dec 2012 22:07:57 +0000
Personally I wouldn't equate a trustworthy host to mean they had 'bulletproof'
servers. Even if it were possible, it's not the normal definition of trust.
In any case it's irrelevant - it's what you run that typically exposes your
site to the most risk.
Philip Whitehouse
On 20 Dec 2012, at 21:16, "Nick FitzGerald" <nick@xxxxxxxxxxxxxxxxxxx> wrote:
> Rand wrote:
>
>> I was curious, if you have a virtual dedicated server or a dedicated
>> server, and a reasonably trustworthy hosting service, are malicious scripts
>> planted by external people a big concern? If so why?
>
> If you have a web server, malicious scripts should be a big concern to
> you, yes.
>
> Why would you NOT be concerned that the integrity of your site and the
> server running it may be compromised?
>
> Answering your "why" question is focussing on the wrong issue, as
> you've rather glibly skipped over a much more important issue -- what
> is the basis of your assessment that a hosting service is "reasonably
> trustworthy"?
>
> Every site owner/admin on every one of the hundreds of compromised
> sites I've had dealings with this year alone was (at least before they
> finally recognized they were hosed) of the opinion that their hosting
> provider was (at least) "reasonably trustworthy".
>
> They were all -- clearly -- wrong _if_ by that assessment they (and
> presumably you) were of the opinion that a "reasonably trustworthy"
> hosting provider will not have site/server compromise issues.
>
> I have to assume that they are representative of the many, many, many
> hundreds more site owners/operators who never engaged further with my
> response to their request for information about why their site was
> "blacklisted".
>
> So, what critical baggage are you hiding inside your assessment that a
> hosting provider is "reasonably trustworthy"?
>
>
>
> Regards,
>
> Nick FitzGerald
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/