North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: management interface accessability (was Re: Worm / UDP1434)
On Sun, Jan 26, 2003 at 06:56:48PM +0000, Paul Vixie wrote: > in fairness to microsoft, there have been worms based on apache and > bind and popper and fingerd (buffer overruns) and even sendmail > (wizard password) so the wide scale code review one gets from open > source software engineering is only a marginal solution to > monocultural weakness vectors. i wasn't pointing at microsoft i was pointing out that leaving software completely exposed when it need not be is potentially problematic perhaps[1] this is worse for software which is used mostly for local connections (ie. LAN, internal network, etc.) such as SQL servers as opposed to software which is designed and/or required to accept connections from all over such as a web-server or MTA --cw [1] where often a higher degree of paranoia exists in the programmers mind and also the likely hood of wide-spread problems being reported appears to be greater
|