Security Basics mailing list archives

Re: Ten least secure programs


From: "Chris Berry" <compjma () hotmail com>
Date: Mon, 30 Jun 2003 18:42:04 -0700

From: Mitch Pirtle <mitchell.pirtle () verizon net>
7) BIND

I thought about listing that one, but there aren't really any alternatives, are there? No point in complaining if you can't switch to something else.

8) FrontPage

?? Haven't heard of any FrontPage vulnerabilities. I'm not real fond of the code it produces but I hardly think that means it's insecure.

9) CGI (on a webserver, that is)

Hmm, CGI is a bit tricky, but I don't think the underlying design is the problem, mostly implementation, which is why I didn't put it on this list. Somebody correct me if I'm wrong.

and my all-time favorite,
10) Anything that is labeled "hacker proof"

Now that's for sure.

Oh, IMNSHO, PHP isn't insecure, it's the people using it.  I could do
just as much damage writing something in Perl, .NET, even HTML...
Pretty much anything 'cept python ;^P

It just seems like I get a ton of vulnerability reports from PHP itself and programs written using it, could be because it's popular, but I don't think that's the whole story.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Encrypt everything, and ask questions later."
