Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] [Rival] Microsoft Blamed for Killing E-mail

____/ [H]omer on Tuesday 18 March 2008 16:27 : \____

> Roy Schestowitz wrote:
> 
>> ,----[ Quote ]
> [...]
>> | The mainstream media consistently use the term "computers" when
>> | they make forays into this realm. Yes, they are computers, but
>> | they're not just any computer -- they are all running Windows. All
>> | of them.
> 
> This is not entirely true, since PHP has known security issues (I
> personally have been the victim of a cross-site scripting vulnerability
> in the past). To what extent these issues contribute to botnets or
> viruses, I have no idea, but the figure is unlikely to be zero.
> 
> However, a typical Linux /Desktop/ will not be running PHP or even a Web
> server at all, and even those who run home Linux servers rarely have
> them publicly accessible, so this is mostly a non-issue, except for Web
> hosts.
> 
> Also, it should go without saying that PHP is not Linux, and indeed is a
> cross-platform solution, however ... a properly secured Linux Web host
> should /not/ be vulnerable to PHP issues if, for example, it utilises
> SELinux and an appropriate policy. Scripting languages on publicly
> accessible hosts that provide dynamic content are always an inherent
> security risk, but there are ways and means to mitigate those risks.
> It's just a pity that more Web hosts don't exercise those means.

Yes, I agree, definitely. It's not just PHP, but application that are
built /using/ PHP. I'm rebuilding my Web site at the moment on a new (actually
more powerful!) server after the attack WHICH DID NOT TARGET LINUX, not even
GNU. It was phpBB, which is /written/ in PHP. It was unpatched (last patched
some time in 2005, IIRC).

Live and learn.

-- 
                ~~ Best of wishes

Roy S. Schestowitz      |    "Did anyone see my lost carrier?"
http://Schestowitz.com  |     GNU/Linux     |     PGP-Key: 0x74572E8E
Swap:  1510068k total,   334064k used,  1176004k free,   122980k cached
      http://iuron.com - next generation of search paradigms

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index