
Re: Testing and honesty



Dave Ewart wrote:

>> Maybe you should think about using better software (squirrelmail and
>> bind are not secure enough for public servers, anyway :-))
> 
> Can you provide some evidence to back up that remark?

Sure.

Squirrelmail is written in PHP, a fast-development language not designed
with security in mind:
http://www.sklar.com/page/article/owasp-top-ten

Squirrelmail vulnerabilities:
http://secunia.com/product/288/

BIND flaws:
http://www.lurhq.com/dnscache.pdf
http://www.isotf.org/news/DNS-Amplification-Attacks.pdf
http://cr.yp.to/djbdns/blurb/security.html
http://cr.yp.to/djbdns/guarantee.html

[]s,

-- 
André Carezia
Telecommunications Engineer
Carezia Consultoria - www.carezia.srv.br


