Re: [Full-disclosure] Question regarding script vulnerabilities
- To: Rand McRanderson <therandshow@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Question regarding script vulnerabilities
- From: Jerry Bell <jerry@xxxxxxxxxxxxxxx>
- Date: Thu, 20 Dec 2012 22:45:26 -0500
I think some of the other responses missed the subtleties of your question.
Let me see if I can expand it accurately:

We know that malicious scripts are very problematic in shared hosting
environments, because there are many avenues of attack: control panel attacks,
symlinks, bad directory permissions, poorly configured/maintained software and
on and on.

But, in the case of a VPS or dedicated server, most of those worries aren't
present because there are no other "customers" on the OS, and generally the
owner of the VPS/dedicated server can configure and manage security and
software to his/her liking, leaving the "trustworthy" aspect of a datacenter
to mean that they will not run off with your hard drives, share root passwords
(if given to the provider), and that sort of thing.

Assuming this is indeed what you meant, my opinion is that there's a
significantly lower probability that you'll have to contend with malicious
scripts on a dedicated server, but the risk isn't eliminated. The main
objective of many attacks on servers these days is to install some sort of
malicious script. So, as one of the other responses indicates, there are
vectors by which attackers may be able to plant them, and so it does make sense
to pay attention.

- Jerry

On Dec 19, 2012, at 12:25 AM, Rand McRanderson <therandshow@xxxxxxxxx> wrote:
> I was curious, if you have a virtual dedicated server or a dedicated server,
> and a reasonably trustworthy hosting service, are malicious scripts planted
> by external people a big concern? If so why?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/