[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fwd: Apache Security Vulnerabilities on IRIX

On Thu, Nov 14, 2002 at 10:41:12AM -0500, Phillip Hofmeister wrote:
> 
> Apache has been having a lot of problems lately.  ALMOST as bad as
> IIS...
> [useful part of message removed :]

 My impression is that most of the problems found these days are cross-site
scripting, or at the worst, local privilege escalation.  (I don't run a
publically accessable apache server, so I don't pay the closest
attention...)  Every Micros~1 exploit is some sort of remote root/arbitrary
code problem, often in stuff that is enabled by default.  I don't remember
hearing about any IIS bugs that were just local privs or not-as-serious
stuff like that.

 I guess we just don't hear about anything but the most serious of
Micros~1's problems, so counting "security problems found" as a measure of
anything other than how much work you'll have to do to be able to claim you
do a good job is bad.  (don't forget to multiply by the ratio of work needed
to use apt (really easy :)/work needed to use windows update (half the time
you need to reboot))

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC
Reply to: