Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Looking for help against Chinese Hacking Team
From: ArcSighter Elite <arcsighter () gmail com>
Date: Tue, 16 Dec 2008 08:32:11 -0500

Hash: SHA1

RaptorX wrote:
what Adriel meant was PROPERLY DESIGNED Parameterized Stored Procedures, and
I totally agree with him.

Providing a short time solution is a good idea but you have to finish the
job properly which in the case of a pen-tester would be report and provide
with a viable (permanent) solution.

I also agree partially with Sam, specially windows systems, after hacked it
is a MUCH BETTER idea to rebuild it improving the security of course.

Well, PROPERLY DESIGNED of course if almost impossible, but you think
this is the case? I repeat myself: he's wishing to stop the attacks, and
of course I think/hope he'll take the appropriate measures then. IMHO he
wouldn't be able to fix anything if he is constantly under attack. And
sure, linux is the best solution, even a win port of apache will do
better than IIS, again IMHO. Again, SQL injection could result in a host
compromise, so re-deploying would be the optimal form: ex. instead of
finding rookits, install clean.

Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]