That's very "politically correct of you", but the fact remains that certain countries
have larger hacker communities than others, and certain counties do not prosecute
hacking.
At 08:28 PM 1/13/01 -0800, Laszlo Nadai wrote:
>OK, I was trying to keep quiet.
>What's up with this "Korea" thing?
>Last time I heard someone of any race, religion, etc... could hack your
>stuff.
>
>laszlo
>(not from Korea BTW)
>
>Jon Hall wrote:
>>
>> Yes, but since the aforementioned tool has nothing to do with Korea, other
>> than it's author's home page hosted on a .kr domain. I believe it's ok.
>>
>> jon
>> ----- Original Message -----
>> From: "Steve Pierce" <[EMAIL PROTECTED]>
>> To: "CF-Talk" <[EMAIL PROTECTED]>
>> Sent: Saturday, January 13, 2001 9:55 PM
>> Subject: RE: Scanning my www-server for security holes: 2 holes left
>>
>> > Wouldn't some of you be nervous about using a machine from South Korea to
>> do
>> > security scans. The country is quite infamous for hacks and Spam. Are you
>> > sure want to invite someone from Korea to come test your servers without
>> > knowing more about who they are. It is that old line, "On the Internet, no
>> > one knows you are a dog."
>> >
>> > - Steve
>> >
>> >
>> > -----Original Message-----
>> > From: Jim McAtee [mailto:[EMAIL PROTECTED]]
>> > Sent: Saturday, January 13, 2001 7:00 PM
>> > To: CF-Talk
>> > Subject: Re: Scaning my www-server for security holes: 2 holes left
>> >
>> >
>> > Probably just another brain-dead security scanner. Since your server
>> > doesn't return a 404 error (file not found) for CF pages that don't exist,
>> > when this tool requests certain known "dangerous" CF files, it assumes
>> that
>> > the request was successful.
>> >
>> > I believe getfile.cfm was one of the security oversites in the cf
>> > documentation that used to be installed by default. Not sure about the
>> > other.
>> >
>> > Jim
>> >
>> >
>> > ----- Original Message -----
>> > From: <[EMAIL PROTECTED]>
>> > To: "CF-Talk" <[EMAIL PROTECTED]>
>> > Sent: Saturday, January 13, 2001 4:42 PM
>> > Subject: Scaning my www-server for security holes: 2 holes left
>> >
>> >
>> > > Hi list, s.o. mentioned a nice tool to scan your www-server for security
>> > > holes some days
>> > > ago.
>> > > http://search.iland.co.kr/twwwscan/
>> > >
>> > >
>> > > I tested my local Win NT WS with it and it keeps telling me that the
>> > > following holes exists:
>> > > ColdFusion Hole(getFile.cfm)
>> > > /getFile.cfmvendor homepage
>> > >
>> > > ColdFusion ODBC (page.cfm)
>> > > /page.cfm
>> > > vendor homepage
>> > > solution:delete this file
>> > >
>> > > I don't find any information on the Allaire web-site concerning these
>> two
>> > > files.
>> > >
>> > > I searched my whole files system for these files and they are in fact
>> not
>> > > there.
>> > >
>> > > Anybody knows what they mean ?
>> > >
>> > > Uwe
>> >
>>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
