Re: Fwd: Apache Security Vulnerabilities on IRIX
On Thu, Nov 14, 2002 at 10:41:12AM -0500, Phillip Hofmeister wrote:
>
> Apache has been having a lot of problems lately. ALMOST as bad as
> IIS...
> [useful part of message removed :]
My impression is that most of the problems found these days are cross-site
scripting, or at the worst, local privilege escalation. (I don't run a
publically accessable apache server, so I don't pay the closest
attention...) Every Micros~1 exploit is some sort of remote root/arbitrary
code problem, often in stuff that is enabled by default. I don't remember
hearing about any IIS bugs that were just local privs or not-as-serious
stuff like that.
I guess we just don't hear about anything but the most serious of
Micros~1's problems, so counting "security problems found" as a measure of
anything other than how much work you'll have to do to be able to claim you
do a good job is bad. (don't forget to multiply by the ratio of work needed
to use apt (really easy :)/work needed to use windows update (half the time
you need to reboot))
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BC
Reply to: