In <20090821061430.b95afcb6.raquel@thericehouse.net>, Raquel wrote:
>Emanoil Kotsev <deloptes@yahoo.com> wrote:
>> Raquel wrote:
>> > Ron Johnson <ron.l.johnson@cox.net> wrote:
>> >> Raquel wrote:
>> >> > The machine has been hacked by someone using a Romanian IP
>> >>
>> >> How'd he get in?
>> >
>> > I found it! He got in through a vulnerability in Zen Cart.
>> >
>> > http://www.securityfocus.com/bid/35467/info
>>
>> Cite: "Note that the issue occurs only when the 'admin' directory
>> wasn't properly renamed during the installation process." ????
>>
>> is this true?
>>
>> means your fault!
>
>Yeah. I held a gun to his head and told him to break into my
>computer and mess things up. It's my fault the burglar broke into my
>house because I locked all the doors with double dead-bolts but
>didn't have a guard dog.

More like you locked all the doors, but left one window open.

Still, I think that the point was that it is not a Debian security issue
since Zen Cart isn't even packaged. It's also not strictly a Zen Cart issue
because they did everything they could once the vulnerability was found --
they can't fix your system for you, they can only notify you of the issues
as they are discovered.

>It's my fault because I don't go to the Zen Cart web site regularly.

Yes-ish. If you are installing software in a secure environment you should
follow security notifications about the software so you can assess any new
threats and patch/reconfigure your system as need be. Security is a process,
not a product.

No one is trying to take the blame away from the Romanian cracker. He or she
took an active role in activities that robbed you of time and resources, and
should be held accountable. However, we (or at least I) wish to deflect blame
from Debian or Zen Cart.
-- 
Boyd Stephen Smith Jr.            ,= ,-_-. =.
bss@iguanasuicide.net            ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy  `-'(. .)`-'
http://iguanasuicide.net/             \_/