Re: Ten least secure programs

From: Chris Berry <compjma(at)hotmail.com>
Date: Mon Jun 30 2003 - 21:42:04 EDT

>From: Mitch Pirtle <mitchell.pirtle@verizon.net>
>7) BIND
I thought about listing that one, but there aren't really any alternatives are there? No point in complaining if you can't switch to something else.

>8) FrontPage

?? Haven't heard of any FrontPage vulnerabilities. I'm not real fond of the code it produces but I hardly think that means it's insecure.

>9) CGI (on a webserver, that is)

Hmm, CGI is a bit tricky, but I don't think the underlying design is the problem, mostly implementation, which is why I didn't put it on this list. Somebody correct me if I'm wrong.

>and my all-time favorite,

Now that's for sure.

>Oh, IMNSHO, PHP isn't insecure, its the people using it. I could do

It just seems like I get a ton of vulnerability reports from PHP itself and programs written using it, could be because it's popular, but I don't think that's the whole story.

Chris Berry
compjma@hotmail.com
Systems Administrator
JM Associates

"Encrypt everything, and ask questions later."

---

STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail

---

Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.      

Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.           

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

---

Received on Wed Jul 2 12:48:01 2003