[Fwd: Re: Testing and honesty] - From Debian mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all

This thread was on the Debian mailing list.

Was a interesting read.

Kind Regards
Brent Clark

P.s This forwarding is not intended to offend anyone, just something I thought was interesting and might too interest someone.
------------------------------------------------------------------------------



-------- Original Message --------
Subject: Re: Testing and honesty
Resent-Date: Tue, 11 Jul 2006 07:49:46 -0500 (CDT)
Resent-From: debian-user@xxxxxxxxxxxxxxxx
Date: Tue, 11 Jul 2006 09:49:11 -0300
From: Andre Carezia <andre@xxxxxxxxxxxxxx>
To: debian-user@xxxxxxxxxxxxxxxx
References: <200607081609.k68G9dtn018636@xxxxxxxxxxxxxxxxxxxx> <44AFF574.6030005@xxxxxxxxxxxxxxxxxxxxx> <20060708224402.GA8575@xxxxxxxxxxxxxx> <44B0FFB7.9090509@xxxxxxxxxxxxxx> <20060709132819.GA4804@xxxxxxxxxxxxx>

Dave Ewart escreveu:

>> Maybe you should think about using better software (squirrelmail and
>> bind are not secure enough for public servers, anyway :-))
> 
> Can you provide some evidence to back up that remark?

Sure.

Squirrelmail is written in PHP, a fast-development language not designed
with security in mind:
http://www.sklar.com/page/article/owasp-top-ten

Squirrelmail vulnerabilities:
http://secunia.com/product/288/

BIND flaws:
http://www.lurhq.com/dnscache.pdf
http://www.isotf.org/news/DNS-Amplification-Attacks.pdf
http://cr.yp.to/djbdns/blurb/security.html
http://cr.yp.to/djbdns/guarantee.html

[]s,

-- 
André Carezia
Eng. de Telecomunicações
Carezia Consultoria - www.carezia.srv.br



-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
--
squirrelmail-users mailing list
Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives:  http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users


[Index of Archives]     [Video For Linux]     [Yosemite News]     [Yosemite Photos]     [gtk]     [KDE]     [Cyrus SASL]     [Gimp on Windows]     [Steve's Art]     [Webcams]

  Powered by Linux