httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject Re: Yahoo hacked, rumor blames old apache
Date Fri, 12 Dec 1997 22:04:19 GMT
On Thu, 11 Dec 1997, Brian Behlendorf wrote:

> >In any case, word has supposedly come from someone at Yahoo that this
> exploit does not effect other FreeBSD hosts. So whether its a case of a
> modified buggy version of Apache, or some poorly written CGI's (possibly
> remote administration ones?) remains to be seen.

don't forget that they have lots of people managing the site. Any one of
them could be running an insecure machine that had privileged access to
the webserver farm.

If it was an old Apache, I'm skeptical that they could have fixed it
fast enough. People who run old software tend to get stuck running old
software because it becomes too big a risk to change anything at some
point.

--
Rob Hartill                              Internet Movie Database (Ltd)
http://www.moviedatabase.com/   .. a site for sore eyes.


Mime
View raw message