Full Disclosure mailing list archives

Re: Two biggest Indian University Websites are vulnerable


From: Valdis.Kletnieks () vt edu
Date: Sat, 17 Jul 2010 09:23:35 -0400

On Sat, 17 Jul 2010 17:33:44 +0530, Sandeep Sengupta said:
> 1. we spoke to Univ system admin over the phone yesterday. They are
> aware of the problem. Now up to them how much time they will take to
> rectify it. We hope they at least have the wisdom to bring the site
> down till it is debugged.

That turns out to often be a harder decision than it looks.  Taking the
website down has its own costs - nobody can do any of the things the website
supports.  If you have good web logs and are fairly confident that you will
be able to detect and deal with any actual malicious activity, it may actually
make sense to keep the website up.  It's tradeoffs - which costs more, the
possible damage done by an attack, or the *known* damage caused by an outage?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
