Exactly my point, John. Why hack Remedy when there are far easier ways to get at the data through more well-known and easily exploitable security holes?
Rick

-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of John Baker
Sent: Wednesday, January 17, 2007 3:44 PM
To: [email protected]
Subject: Re: Remedy Vulnerability

Rick is correct - most hacking is done via buffer overflows. It's highly unlikely that this has ever been researched thoroughly (or at all) with Remedy, and given Remedy was written back in the early 90s, the chances of buffer overflows are very high. That is the case with any old application, such as sendmail. I don't know any good Unix admin who'd use sendmail given the choice between sendmail or postfix. Many of my Unix colleagues have a very dim opinion of PHP, too.

Consider IIS or IE. Despite all the money MS has thrown at those two products, there's still a steady stream of security issues. Even when one takes a badly written product and applies lots of money and development time, the security problems often persist.

However, I've often thought to myself, while someone on the local network could hack Remedy, if they have those skills then why bother? There's no point hacking Remedy when one could go straight to the database, or run a packet sniffing tool, or find an HR application to hack, or bring a corporate network to a standstill, etc.

John

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"

