Full Disclosure mailing list archives
Re: Question regarding script vulnerabilities
From: Philip Whitehouse <philip () whiuk com>
Date: Thu, 20 Dec 2012 22:07:57 +0000
Personally I wouldn't equate a trustworthy host to mean they had 'bulletproof' servers. Even if it were possible its not the normal definition of trust. In any case it's irrelevant - it's what you run that typically exposes your site to the most risk Philip Whitehouse On 20 Dec 2012, at 21:16, "Nick FitzGerald" <nick () virus-l demon co uk> wrote:
Rand wrote:I was curious, if you have a virtual dedicated server or a dedicated server, and a reasonably trustworthy hosting service, are malicious scripts planted by external people a big concern? If so why?If you have a web server, malicious scripts should be a big concern to you, yes. Why would you NOT be concerned that the integrity of your site and the server running it may be compromised? Answering your "why" question is focussing on the wrong issue, as you've rather glibly skipped over a much more important issue -- what is the basis of your assessment that a hosting service is "reasonably trustworthy"? Every site owner/admin on every one of the hundreds of compromised sites I've had dealings with this year alone was (at least before they finally recognized they were hosed) of the opinion that their hosting provider was (at least) "reasonably trustworthy". They were all -- clearly -- wrong _if_ by that assessment they (and presumably you) were of the opinion that a "reasonably trustworthy" hosting provider will not have site/server compromise issues. I have to assume that they are representative of the many, many, many hundreds more site owners/operators who never engaged further with my response to their request for information about why their site was "blacklisted". So, what critical baggage are you hiding inside your assessment that a hosting provider is "reasonably trustworthy"? Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Question regarding script vulnerabilities Rand McRanderson (Dec 20)
- Re: Question regarding script vulnerabilities Philip Whitehouse (Dec 20)
- Re: Question regarding script vulnerabilities Christian Sciberras (Dec 20)
- Re: Question regarding script vulnerabilities Nick FitzGerald (Dec 20)
- Re: Question regarding script vulnerabilities Philip Whitehouse (Dec 20)
- Re: Question regarding script vulnerabilities Jerry Bell (Dec 21)
- Re: Question regarding script vulnerabilities Philip Whitehouse (Dec 20)