__/ [ peterwn ] on Thursday 10 August 2006 21:01 \__
> Roy Schestowitz wrote:
>> The short life and hard times of a Linux virus
>>
>> ,----[ Quote ]
>> | For a Linux binary virus to infect executables, those executables must
>> | be writable by the user activating the virus. That is not likely to be
>> | the case. Chances are, the programs are owned by root and the user is
>> | running from a non-privileged account. Further, the less experienced
>> | the user, the lower the likelihood that he actually owns any
>> | executable programs. Therefore, the users who are the least savvy about
>> | such hazards are also the ones with the least fertile home directories
>> | for viruses.
>> |
>> | [...]
>> `----
>
> It would seem poorly written web server scripts are a big
> vulnerability, especially those that invoke mail programs. This leaves
> a web server vulnerable to being used as a spambot if a there is a
> vulnerability in any of the hosted web sites.
I can think of WordPress as an example that I am familiar with. One can use
DDOS attack to overfill the mailbox of the administrator or
contaminate/bloat the database until it breaks. I also believe that there
were issues which were associated with mass-login and DDOS on the login
page. These issues have been addressed though. In the WordPress mailing
lists, not only do we discuss critical issues like (My)SQL injections, but
also the endemic and problematic existence of zombies in today's Web (warm
thanks to Microsoft). That software runs literally millions of Web sites,
including some prominent ones, so basic security is not sufficient. One has
to boast robustness to brute-force attacks, as Lieberman's story would
suggest.
|
|
