[Dshield] big question, no answers

Tod Beardsley todb at planb-security.net
Sat Oct 4 23:11:44 GMT 2003


> If I notify, (experience shows) that the Security Pers don't want to
> hear it, let alone from an outsider looking via google. (I have
> gotten in trouble in the past for my own "good intentions".) If I
> don't notify, how will they correct?

Well, if it's any consolation, you've pretty much guaranteed a flurry of 
mysterious MySQL/ACID compromises against people who can't set an 
.htaccess sensibly. I'd expect the majority of the ones that are real 
production systems (i.e., someone looks at them) to get fixed pretty 
quickly, now.

C'est la pleine revelation. There's a couple .txt files floating around 
detailing Google tricks one can use to come up with administrative 
interfaces, password databases, etc.

"It's okay to yell 'fire' in a crowded theater
if the theater is actually on fire."
Tod Beardsley | www.planb-security.net
