Re:Macintosh Web Server Issues

• To: Tim Dierks <tim@dierks.org>
• Subject: Re:Macintosh Web Server Issues
• From: Enrico Cantu <ecantu@uh.edu>
• Date: Mon, 20 May 1996 08:29:40 -0500
• Cc: www-security@ns2.rutgers.edu, kgmlists@3rdmill.com
• In-Reply-To: <v02140b06adc5a9175512@[206.170.39.104]>

At 9:49 PM  -0700 5/19/96, Tim Dierks wrote:

>If you don't have physical control of your hardware, you have nothing; I
>don't care how secure you believe your software is. I'm willing to wager a
>bundle of dough that if you give me five minutes with your server, I can
>interrupt your web service. I don't need passwords or operating systems,
>keyboards or displays; all I need is a hammer and a wire cutters.

True, but that is not Macintosh-specific.  I wasn't being general about the
list regarding physical control, just this thread; furthermore, I was only
limiting the interruption of web service via software means. (however not
just TCP attack)  I know of several departments and organizations on campus
whose webserver, although not in a public area, is still prone to tampering
from staff who may think they know what they are doing, or worse still, is
a shared machine for other applications.  With a UNIX workstation that has
a login screen (or a third-party Mac utility equivalent), this problem is
reduced significantly.

Rico

--
Out the 10Base-T, off the bridge, round the token-ring, past the firewall,
 through the router, down the T1, over the leased line ... nothing but Net.
ecantu@uh.edu  http://www.bchs.uh.edu/~ecantu/  GC at chembb@menudo.uh.edu
 Department of Biochemical and Biophysical Sciences, University of Houston

• Re:Macintosh Web Server Issues
• From: Tim Dierks <tim@dierks.org>

• Previous: Re: CGI Security Problem
• Next: May, 1996 Java/Netscape hole from Princeton team
• Index(es):
  • Index
  • Thread