management interface accessability (was Re: Worm / UDP1434)

Chris Wedgwood cw at f00f.org
Sun Jan 26 19:23:10 UTC 2003


On Sun, Jan 26, 2003 at 06:56:48PM +0000, Paul Vixie wrote:

> in fairness to microsoft, there have been worms based on apache and
> bind and popper and fingerd (buffer overruns) and even sendmail
> (wizard password) so the wide scale code review one gets from open
> source software engineering is only a marginal solution to
> monocultural weakness vectors.

i wasn't pointing at microsoft


i was pointing out that leaving software completely exposed when it
need not be is potentially problematic

perhaps[1] this is worse for software which is used mostly for local
connections (ie. LAN, internal network, etc.) such as SQL servers as
opposed to software which is designed and/or required to accept
connections from all over such as a web-server or MTA



  --cw

[1] where often a higher degree of paranoia exists in the programmer's
    mind and also the likelihood of wide-spread problems being reported
    appears to be greater


