Penetration Testing mailing list archives

Fwd: They will protect me (won't they?)


From: Dotzero <dotzero () gmail com>
Date: Wed, 11 Feb 2009 18:34:25 -0500

Apologies, I meant to send this to the list as well.


---------- Forwarded message ----------
From: Dotzero <dotzero () gmail com>
Date: Wed, Feb 11, 2009 at 6:33 PM
Subject: Re: They will protect me (won't they?)
To: Michael Condon <admin () singulartechnologysolutions com>


On Wed, Feb 11, 2009 at 5:14 PM, Michael Condon
<admin () singulartechnologysolutions com> wrote:
> Doesn't surprise me too much. Remember the case a few months ago where a
> couple of guys were convicted for hijacking free VOIP? They started by
> trolling routers with the router admin backdoor account still at factory
> default.
> In my own experience, for one example, I was testing one of my own apps for
> W3C compliance, SQL Injection vulnerabilities and XSS. On one pass, my code
> was squeaky clean, but GrendelScan was able to clone the backup directory
> (that the hosting company maintains). I told them, and they said it was up
> to me to set permissions on the dir with my own .htaccess file, and they do
> not assist in "user scripting issues". Yes, for a backup directory that they
> created and maintain and populate with data using their own backup software.
> Not a small hosting company either.


So here's my question. Do they address this in documentation that is
available to their customer? If it is documented clearly that's one
thing. If it's not, that's another.