Again, I agree... the question was not, "would people do this". That's why
I suggested including a link to the official download of the patch (maybe I
left out the word official there, so I apologies). The latter suggestion, a
link to an "automatic fix", was added in as an afterthought since the
original question included fixing the problem for the attacker.
Hatton
> -----Original Message-----
> From: Andrew Tyrone [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 13, 2001 11:27 AM
> To: CF-Talk
> Subject: RE: Total Fix For Code Red
>
>
> What person in their right mind would click a link they got from
> an email telling them their server is compromised? Remember, I
> said "right mind". Think of all the malicious attacks that could
> be propagated in this way.
>
> > -----Original Message-----
> > From: C. Hatton Humphrey [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, August 13, 2001 11:26 AM
> > To: CF-Talk
> > Subject: RE: Total Fix For Code Red
> >
> >
> > > > Or is this totally unethical - love to hear your thoughts
> > >
> > > I think that it would be wrong to compromise someone else's
> > > system, even for ostensibly good goals.
> >
> > Agreed, but what would be the harm of generating an email to
> > webmaster@...,
> > admin@...., and support@... with a link to the patch and
> > instructions on how
> > to install it...
> >
> > Instead of doing it for someone, tell them how to do it. Then you might
> > also put a link in said email to a template on your server that would
> > perform the correction on their system (assuming that it is
> possible to do
> > that). That way you *know* they approve.
> >
> > Hatton Humphrey
> >
> >
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
