Security Basics mailing list archives

Re: security advice


From: Mike Razzell <m.razzell () gmail com>
Date: Tue, 24 Aug 2010 16:24:41 -0700

Maybe this is considered obvious to others of greater experience or
expertise in the field, but doesn't the possibility exist that they
could look at all the logs and configurations and find no
vulnerability permitting a point of entry if a user with
administrative credentials logged in from a compromised client or
(less likely IMO) over an unsecured connection, i.e. plaintext? If this
is the case, you could fix everything you find and still get
compromised again if you have not changed the passwords. Going one
step further, you could change your passwords and still get nailed
again if you (or whoever has admin rights) use the compromised host
to log in after (or while) changing the password.

-Mike

-- 
Sent from my mobile device
