
[ossig] RE: Johor State Government Site defaced



Not really looked into it, but chances to find the culprit are listed here:

http://secunia.com/product/73/

http://secunia.com/product/72/

http://secunia.com/product/?menu=#software_P   (scroll down to php*)

http://secunia.com/product/20/

Anything to be added? It doesn't make a difference if you run OSS or MSS;
you have to patch in order to be safe.

With respect to 'Linux Security', I might add 

http://slashdot.org/article.pl?sid=04/02/21/142239&mode=nested

as source for that security evaluation not with a wrong, but no methodology
at all.

RedHat hasn't done well here; the RHN was a great tool to patch; better than
anything else at least for the casual user. May I consider the demise of
RedHat Linux X.X and the bringing down of RHN a great disservice to the
community and the rest of the world? No need to start a flamewar here, but
with 5 machines running RedHat, at one moment suddenly I couldn't demote my
account from 'Basic' to 'None'. Which left me with 4 unpatched systems. But
not for long. fdisk is a trusted method to bring such systems back to a good
level of security.

I also fully agree with Soo Hoe on the need to educate the new converts on
security. OSSS 101 instead of OSS 101, eventually?

Uwe

