Mailing List Archive: 49091 messages

[REBOL] Re: OT: SSH and secure servers, WAS: XML / dialects

From: jason:cunliffe:verizon at: 7-Jan-2002 15:55

Brian Wilson <[bwilson--ihpva--org]> wrote:
> There are numerous totally free ssh and ssl cross platform solutions.
> See http://www.clickshift.com/ssh/ for some info + links on ssh.
> BUT they only keep data from being sniffed as it passes over the 'net.
Hi Brian,
Thanks.
> I bet your compromise came by exploiting a buffer overflow or some
> stupid scripting configuration problem. Would this not include badly
> written REBOL scripts?
It could indeed, especially as people are tempted to adjust permissions to get REBOL or other cgi working. Once it is, they tend to forget and move on. As it turns out, the compromise came via some skilled people exploiting SSH1 weakness. You can read about it here:
http://www.incidents.org
http://www.incidents.org/diary/diary.php?id=138
> IMHO you have much more to worry about from security holes
> unintentionally installed by yourself (NEVER happens to ME of course!
> HA HA) and by the providers of your various server tools such as BIND,
> Apache, MS Exchange and so on.
Yes. As someone said/wrote, "security is not a product, it's a process." My main security argument has been that we need very careful use of permissions. People want to believe in a golden tool/bullet.

I inherited the sysadmin role for a very messy undocumented system. Decided to take it right down and rebuild from scratch. The major part of the learning curve, no matter what OS, and/or whatever versions of each element, still all comes down to the user/group/other permission structure. How that is planned and maintained. I welcome any advice, good reading especially to help the strategic planning stages.

I am hoping that REBOL will become a valuable tool in this process. A big question is how to use it well for secure custom remote sysadmin. Working between REBOL/Command on the server and REBOL/ViewPro and/or REBOL/Command on clients. Does anyone have any experience with this?

./Jason