Re: on the university problem

[Jordan Wiens <numatrix () ufl edu>]

On Aug 13, 2007, at 12:16 PM, Valdis.Kletnieks () vt edu wrote:

> On Mon, 13 Aug 2007 11:51:09 EDT, Alex Eckelberry said:
> > site:.edu or site:.gov as operators.  It's clear it's far, far  
> > more of a
> > problem in the .edu space than at least .gov, largely because of the
> > reasons everyone knows (unpatched open source, etc.).
>
> I don't think that "unpatched open source" is anywhere on the radar  
> as a
> reason here.  In both .edu and .gov spaces, unpatched Microsoft is  
> a much
> bigger problem than unpatched open source (unless there's been some  
> major
> tectonic plate shift and less than 90% of the boxes are Microsoft  
> now).

No, for the vast majority of this type of comment spam, Alex's  
right.  Most of them are coming in through vulns in popular blogging,  
wiki, bug tracking, etc, programs.  Or for that matter, not even  
using vulns, but just abusing open commenting systems that aren't  
moderated or monitored.

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.