Daniel Hanson, 2005-11-09
The latest and greatest Linux worm isn't the most elegant or fastest spreading worm, or even one that's difficult to stop, but it still offers a warning for Web developers and administrators everywhere.
Colapse all |
Post comment
100% right
2005-11-10
aeonflux
aeonflux
This guys is 100 percent right on. When redcode and the other variant IIS worms hit, I saw hundreds of attempts in my logs every hour. So far I've seen two xmlrpc exploit attempts in my logs from two seperate ips in the past x number of days. It's more like hype then anything else, finally linux ...
[ more ] [ reply ]
[ more ] [ reply ]
Worm Or WakeUp call?
2005-11-12
masood mehmood
masood mehmood
This worms is a wakeup call for the lazy administrator and Developers around us. Its been a long time since XMP-RPC,AWStat vulnerabilities discovered and still, If its the fast spreading and elegant worm then the problem is totally belong to Administrator and some how Developers too.
Accordin...
[ more ] [ reply ]
Accordin...
[ more ] [ reply ]
Are Linux and Windows to blame?
2005-11-16
Alexey Vesnin (1 replies)
Alexey Vesnin (1 replies)
Not really. They're dumb and weak OSes, but if the System Administrator decides to set 'em up on production machine in Internet - it's his guilty. And this fact is not a new one - but why the most people are using theese OSes? Because professional OSes are for professionals, not for a lamers beleivi...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Are Linux and Windows to blame?
2005-11-20
Anonymous (1 replies)
Anonymous (1 replies)
It wasn't long ago when linux was too considered smarter that dumb lamer. Now, there are ways to set up Linux easier ... it's not Linux problem, it's lamer problem. Lamer wants OS which he can install. No matter what OS that will be, it will end unsecure.
On the other hand, I believe real system ...
[ more ] [ reply ]
On the other hand, I believe real system ...
[ more ] [ reply ]
Re: Re: Are Linux and Windows to blame?
2005-11-22
Alexey Vesnin
Alexey Vesnin
Linux'es, linux'es.... Yes, there are lots of 'em. I'm not saying that they're BAD just because their are Linux'es.... And I've seen and tested LOT'S of 'em. And only two of them are good in my opinion. First - Gentoo. Still raw code, potentially insecure - but MANY GOOD IDEAS in OS architecture and...
[ more ] [ reply ]
[ more ] [ reply ]
Keep /tmp always noexec
2005-11-16
Sujai (1 replies)
Sujai (1 replies)
I think keeping /tmp noexec will prevent lot of attacks like this. Additional layer for mod_security will make it more secure. I have seen lot of attacks from /tmp and the best way is to mount it noexec....
[ more ] [ reply ]
[ more ] [ reply ]
Linux worm overrated
2005-11-19
Andrew (1 replies)
Andrew (1 replies)
One of the beauties of Gentoo Linux is that as a source based distribution with portage as a packaging medium and GLSA as a security warning system patches can be downloaded, compiled and applied in a matter of minutes.
The other packages are too slow to react, opr their administrators not knowl...
[ more ] [ reply ]
The other packages are too slow to react, opr their administrators not knowl...
[ more ] [ reply ]
Re: Linux worm overrated
2005-11-22
Alexey Vesnin
Alexey Vesnin
Gentoo continued and expanded one of the best BSD ideas - portage branch. And they did it in right direction. The code is still potentially insecure, BUT I hope that soon it will be done - theese guys just need some time to do that job. I hardly can compare Gentoo's easiness of patching/upgrading wi...
[ more ] [ reply ]
[ more ] [ reply ]
and mod_insecurity.c did you read the code source?
this is easy bypassable ...
phpbb is more secure than mod_security
i know people wait next web app vuln for next web app worm...
[ more ] [ reply ]