Full Disclosure mailing list archives

Re: Question regarding script vulnerabilities


From: Philip Whitehouse <philip () whiuk com>
Date: Thu, 20 Dec 2012 22:07:57 +0000

Personally I wouldn't equate a trustworthy host to mean they had 'bulletproof' servers. Even if it were possible, it's not the normal definition of trust.

In any case it's irrelevant - it's what you run that typically exposes your site to the most risk.

Philip Whitehouse

On 20 Dec 2012, at 21:16, "Nick FitzGerald" <nick () virus-l demon co uk> wrote:

Rand wrote:

I was curious, if you have a virtual dedicated server or a dedicated
server, and a reasonably trustworthy hosting service, are malicious scripts
planted by external people a big concern? If so why?

If you have a web server, malicious scripts should be a big concern to 
you, yes.

Why would you NOT be concerned that the integrity of your site and the 
server running it may be compromised?

Answering your "why" question is focussing on the wrong issue, as 
you've rather glibly skipped over a much more important issue -- what 
is the basis of your assessment that a hosting service is "reasonably 
trustworthy"?

Every site owner/admin on every one of the hundreds of compromised 
sites I've had dealings with this year alone was (at least before they 
finally recognized they were hosed) of the opinion that their hosting 
provider was (at least) "reasonably trustworthy".

They were all -- clearly -- wrong _if_ by that assessment they (and 
presumably you) were of the opinion that a "reasonably trustworthy" 
hosting provider will not have site/server compromise issues.

I have to assume that they are representative of the many, many, many 
hundreds more site owners/operators who never engaged further with my 
response to their request for information about why their site was 
"blacklisted".

So, what critical baggage are you hiding inside your assessment that a 
hosting provider is "reasonably trustworthy"?



Regards,

Nick FitzGerald


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/