Re: suggested patch to httpd.conf in base

2010-03-13 Thread Toni Mueller
On Fri, 12.03.2010 at 13:28:07 -0700, kj...@pintday.org wrote: > > Very good suggestion, indeed. -20 I'm impartial, though, as I don't use the default configuration, anyway. I think it's rather a non-issue. > > Especially, if someone has a 'dangerous' file, a PHP Shell for instance, > > (a per

Re: suggested patch to httpd.conf in base

2010-03-13 Thread Bob Beck
> I understand what you say and I appreciate you taking the time to write. > Hiding files or pretending others can't see them doesn't make us more > secure. > > I guess the real issue is that sometimes people use check lists. Items > such as this are on those lists. Technical people are asked to ma

Re: suggested patch to httpd.conf in base

2010-03-13 Thread Bob Beck
> My apologies. The look on the Linux people's faces when they see all of > these OpenBSD boxes with *0* vulnerabilities compared to the 200 to 300 > of their own drove me to it. I'll not do it again. > The problem is you are equating vulnerability scanners - which are a product of script kiddies t

Re: suggested patch to httpd.conf in base

2010-03-13 Thread Brad Tilley
On Sat, 13 Mar 2010 17:12 +0200, "Lars Nooden" wrote: > Brad and Ozgur, > > If your file is in the server's document root, then it is published [1]. > For whatever reason, a lot of C-Levels act as if they are unclear on > that. There is also often the false belief among them that security and >

Re: suggested patch to httpd.conf in base

2010-03-13 Thread Lars Nooden
Brad and Ozgur, If your file is in the server's document root, then it is published [1]. For whatever reason, a lot of C-Levels act as if they are unclear on that. There is also often the false belief among them that security and usability are mutually exclusive. I don't understand the rules in