[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hackers invade DOJ web site
At 08:35 PM 8/20/96 -0700, some anonym remailer user wrote:
>All webservers (except maybe Spinner?) are riddled with buffer overrun
>bugs and other similar security holes. If you run a webserver, you
>should basically assume that anyone who really wants a shell on your
>machine can get one. Grab your favorite webserver and grep for
>sprintf.
Fred Cohen put out an 80-line-C GET-only HTTP server which is
short enough to verify that it doesn't have security bugs
like memory leaks, etc. It's not blazingly fast,
and all it does is server pages, but it's clean.
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# <A HREF="http://idiom.com/~wcs"> Reassign Authority!