Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Frackin script kiddies!!



On Tue, Aug 3, 2010 at 1:26 PM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> On Aug 3, 2010, at 12:15 PM, Jarod Wilson wrote:
>>
>> Its not about feeling secure. Its about keeping out stupid idiots. SSL
>> + auth keeps stupid idiot vandals out. And to me, that's Good Enough
>> for a non-critical system like a mythtv box. The determined will
>> always find a way in if they really want to.
>
> See... this is where I see you feeling security rather than practicing security. ?You see keeping the vandals out of your MythTV box as the end of it, but it isn't. ?That's just the *start* of it. ?You see your Myth box as non-critical but if it is exposed to a public-facing network then it *is* critical, not in the way you see it used but in the ways that it can be used against you or someone else.

I have a public-facing web server. One of the things it serves up is
mythweb. I require access to mythweb to go over ssl with
authentication. What else would you propose that I do, short of not
running mythweb on a public-facing web server?

-- 
Jarod Wilson
jarod-ajLrJawYSntWk0Htik3J/w at public.gmane.org







BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org