Hi all This thread was on the Debian mailing list. Was a interesting read. Kind Regards Brent Clark P.s This forwarding is not intended to offend anyone, just something I thought was interesting and might too interest someone. ------------------------------------------------------------------------------ -------- Original Message -------- Subject: Re: Testing and honesty Resent-Date: Tue, 11 Jul 2006 07:49:46 -0500 (CDT) Resent-From: debian-user@xxxxxxxxxxxxxxxx Date: Tue, 11 Jul 2006 09:49:11 -0300 From: Andre Carezia <andre@xxxxxxxxxxxxxx> To: debian-user@xxxxxxxxxxxxxxxx References: <200607081609.k68G9dtn018636@xxxxxxxxxxxxxxxxxxxx> <44AFF574.6030005@xxxxxxxxxxxxxxxxxxxxx> <20060708224402.GA8575@xxxxxxxxxxxxxx> <44B0FFB7.9090509@xxxxxxxxxxxxxx> <20060709132819.GA4804@xxxxxxxxxxxxx> Dave Ewart escreveu: >> Maybe you should think about using better software (squirrelmail and >> bind are not secure enough for public servers, anyway :-)) > > Can you provide some evidence to back up that remark? Sure. Squirrelmail is written in PHP, a fast-development language not designed with security in mind: http://www.sklar.com/page/article/owasp-top-ten Squirrelmail vulnerabilities: http://secunia.com/product/288/ BIND flaws: http://www.lurhq.com/dnscache.pdf http://www.isotf.org/news/DNS-Amplification-Attacks.pdf http://cr.yp.to/djbdns/blurb/security.html http://cr.yp.to/djbdns/guarantee.html []s, -- André Carezia Eng. de Telecomunicações Carezia Consultoria - www.carezia.srv.br ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
