[PLUG] Joe Jobbed
Aaron Burt
aaron at bavariati.org
Mon Oct 8 18:06:55 UTC 2007
On Fri, Oct 05, 2007 at 08:11:07PM -0700, Ronald Chmara wrote:
> I blame lazy distros, who don't keep on top of security (Cent,
> Debian, Ubuntu, RHEL... the whole lot of 'em are to blame).

What makes you say that?

> I blame lazy admins, who think that uptime is more important than
> security upgrades (if you are running a machine a year old, maybe you
> *deserve* to be rootkit'ed).

Kernel vulns are rare. Remotely-exploitable ones far more so.

> I blame users (and admins) who don't understand that a disturbingly
> large number of "web applications" are complete and total rubbish
> (Joomla, WordPress, phpBB, phpNuke, Plesk, phpMyAdmin, cPanel... the
> list is insane) when it comes to security.

PHP does make it easy for newbs to write web-apps quickly, which leads
to big security holes. But the big-name apps are getting much better.

> So, here's a quick survey:
> Who has a web server that was running PHP 5.2.4, openSSL 0.9.8d,
> Apache 2.2.6, and a 2.6.22.9 kernel *before* I sent this message?

A lot of mine is older than that. And patched.
Do you not believe that it's possible to patch vulns in older versions?