> > Yupp, but what if these people use their extra time to hack your webserver?
> > So i think you can't avoid making your programs that are publically accessible
> > secure...
>
> The exploit they have devised requires shell access to a Linux based
> host so _our_ server is OK ;-)
Heh, who knows =) Don't let PC Week Labs to setup your computer =)
> Seriously, as soon as anyone raises a security issue we fix it (like the
> force_suffix option added to 2.0.11). In other forums, "real" security
> concerned organisations have contacted us a couple of days prior to making
> a public statement so that we could give them details of a fix. BUGTRAQ
> doesn't work that way and I sometimes feel the list members often go out
> of their way to show personal "hacking ability" rather than to help solve
> a problem.
Invite them to contact you ASAP next time. Or pay them to look for review
the code for security :-)
Yuri
-------------------------------------------------------------------------
To unsubscribe, go to http://www.Hughes.com.au/extras/email/
This archive was generated by hypermail 2b30 : Mon Mar 04 2002 - 09:03:51 EST