[Dshield] big question, no answers
todb at planb-security.net
Sat Oct 4 23:11:44 GMT 2003
DAN MORRILL wrote:
> If I notify, (experience shows) that the Security Pers dont' want to
> hear it, let alone from an outsider looking via google. (I have
> gotten in trouble in the past for my own "good intentions".) If I
> don't notify, how will they correct?
Well, if it's any consolation, you've pretty much guaranteed a flurry of
mysterious MySQL/ACID compromises against people who can't set an
.htaccess sensibly. I'd expect the majority of the ones that are real
production systems (ie, someone looks at them) to get fixed pretty
C'est la pleine revelation. There's a couple .txt files floating around
detailing Google tricks one can use to come up with administrative
interfaces, password databases, etc.
"It's okay to yell 'fire' in a crowded theater
if the theater is actually on fire."
Tod Beardsley | www.planb-security.net
More information about the list