> >> Perhaps. What is the real risk of destroying > >> configuration files, if backups are being made? > They restore from backup, someone erases them again, > they restore, someone erases again, they restore...
Right, I understand that. However, as a consultant, I've seen places where incremental backups were made several times a day, b/c users had a habit of moving folders off of the server, and then deleting the folder when they were done w/ the files in it. Rather than "train" the users, the admins took all of the work on themselves. > I would like to say that yes, I am none too happy > with the way the vendor has reacted to this. And I > shall explain why. I am responsible for few of the > production sites exposed and vulnerable to this flaw > since they run this product. And there is nothing I > can do to fix them since the flaw is core to the > product. I thought you mentioned something about a module or something in your first post...something the vendor knew about but never bothered to document... > If this is known to anyone outside of the > vendors team, my servers are roadkill. And this > thought doesnt really give me a warm feeling inside. Well, besides the ability to wreak havok, someone has to actually do something. For your servers to be roadkill, someone has to actually launch a properly formatted attack. I know what you're thinking at this point..."if I could figure it out, then surely a malicious person/blackhat could have figured it out already, too". Well...maybe. But who knows? There's a great deal of speculation about that sort of thing happening with all sorts of vulnerabilities, but no actual evidence to support it. > Thanks all for your comments, I think I know what to > do now. Ok...good luck. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
