Re: General Server Security Vulnerabilities (was Re: WebObjects App Open To Hackers - [ THE ENGINEER'S REPORT ])
Re: General Server Security Vulnerabilities (was Re: WebObjects App Open To Hackers - [ THE ENGINEER'S REPORT ])
- Subject: Re: General Server Security Vulnerabilities (was Re: WebObjects App Open To Hackers - [ THE ENGINEER'S REPORT ])
- From: "Jonathan Fleming" <email@hidden>
- Date: Wed, 09 Jul 2003 20:44:57 +0100
From: David Neumann <email@hidden>
To: Jonathan Fleming <email@hidden>
CC: email@hidden, email@hidden
Subject: Re: General Server Security Vulnerabilities (was Re: WebObjects
App Open To Hackers - [ THE ENGINEER'S REPORT ])
Date: Wed, 9 Jul 2003 12:58:30 -0500
Jonathan
He stated that person that passed the message on to me was probably
panicking more than was necessary and made more of the situation than was
warranted, but the engineer pointed out that there are holes in the
security
of any server.
Is the "Microsoft Engineer" now saying that someone else told him something
and he just bought it? Then Relayed it to you second-hand? And Oh by the
way, here's an obvious fact to fill the silence after a Homer Simpson
"Doh!" moment?
No David, you might have missed the original post, the engineer was a friend
of the client I was build the site for and once it was deployed the client,
as they do, told friends and his clients that the site was live. When the
engineer looked at it he searched around for security violations and
reported back to his friend some concerns he had. Only such an alert raid
serious alarm bells in the mind of the client who then got on to me rather
irrate about the security state of his site.
Basically the fellow had no point whatsoever, has no knowledge of
WebObjects,
True, he does not know WebObjects.
Jonathan
likes to spread FUD, and has an affinity for research based on
unsubstantiated hearsay. If he doesn't make it as an engineer, he has a
future as a "journalist" for CNet News.com.com.com...
d
PS: I'm curious: what ftp clients default in using port 80? Could it be
that your friend's special kind of expertise extends beyond WebObjects?
On Wednesday, July 9, 2003, at 08:02 AM, B. W. Fitzpatrick wrote:
"Jonathan Fleming" <email@hidden> writes:
Right then Guys,
I got hold of the Microsoft Engineer that caused this alarm and here is
what
he said...
He stated that person that passed the message on to me was probably
panicking more than was necessary and made more of the situation than was
warranted, but the engineer pointed out that there are holes in the
security
of any server. What he was pointing to in particular was that
<snip>
None of these security vulnerabilities are WebObjects specific--they
apply to pretty much any server that is available on the internet.
*sigh*
-Fitz
--
Brian W. Fitzpatrick <email@hidden>
http://www.red-bean.com/fitz/
_______________________________________________
WebObjects-dev mailing list
email@hidden
http://www.omnigroup.com/mailman/listinfo/webobjects-dev
_________________________________________________________________
Hotmail messages direct to your mobile phone http://www.msn.co.uk/msnmobile
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.