Security Basics mailing list archives
Re: security advice
From: Mike Razzell <m.razzell () gmail com>
Date: Tue, 24 Aug 2010 16:24:41 -0700
Maybe this is considered obvious to others of greater experience or expertise in the field, but doesn't the possibility exist that they could look at all the logs and configurations and find no vulnerability permitting a point of entry if a user with administrative credentials logged in from a compromised client or (less likely IMO) over an unsecured connection, i.e. plaintext?

If this is the case, you could fix everything you find and still get compromised again if you have not changed the passwords. Going one step further, you could change your passwords and still get nailed again if you (or whoever has admin rights) use the compromised host to log in afterwards (or during) changing the password.

-Mike

--
Sent from my mobile device
Current thread:
- security advice Edmund (Aug 24)
- Re: security advice irado furioso com tudo (Aug 24)
- Re: security advice Todd Haverkos (Aug 24)
- RE: security advice Andrei Popescu (Aug 25)
- Re: security advice Erik (Aug 26)
- RE: security advice Andrei Popescu (Aug 25)
- RE: security advice Murda (Aug 25)
- Re: security advice Robert Larsen (Aug 25)
- Re: security advice debiantech (Aug 25)
- RE: security advice Grant, Richard (KYTC) (Aug 25)
- <Possible follow-ups>
- Re: security advice Mike Razzell (Aug 25)