Penetration Testing mailing list archives

Re: Looking for help against Chinese Hacking Team


From: ArcSighter Elite <arcsighter () gmail com>
Date: Tue, 16 Dec 2008 08:32:11 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RaptorX wrote:
> what Adriel meant was PROPERLY DESIGNED Parameterized Stored Procedures, and
> I totally agree with him.
>
> Providing a short time solution is a good idea but you have to finish the
> job properly which in the case of a pen-tester would be report and provide
> with a viable (permanent) solution.
>
> I also agree partially with Sam, especially windows systems, after hacked it
> is a MUCH BETTER idea to rebuild it improving the security of course.


Well, PROPERLY DESIGNED of course is almost impossible, but you think
this is the case? I repeat myself: he's wishing to stop the attacks, and
of course I think/hope he'll take the appropriate measures then. IMHO he
wouldn't be able to fix anything if he is constantly under attack. And
sure, Linux is the best solution, even a win port of Apache will do
better than IIS, again IMHO. Again, SQL injection could result in a host
compromise, so re-deploying would be the optimal form: ex. instead of
finding rootkits, install clean.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJR63bH+KgkfcIQ8cRAtEfAKD1RSDlHRt8KKt50BxRVDIWMpcDDACg/MY2
rO6vnTNeQWAilBnNjp79c+8=
=wVY+
-----END PGP SIGNATURE-----
