[2118] in WWW Security List Archive
Re:Macintosh Web Server Issues
daemon@ATHENA.MIT.EDU (Enrico Cantu)
Mon May 20 11:40:32 1996
In-Reply-To: <v02140b06adc5a9175512@[206.170.39.104]>
Date: Mon, 20 May 1996 08:29:40 -0500
To: Tim Dierks <tim@dierks.org>
From: Enrico Cantu <ecantu@uh.edu>
Cc: www-security@ns2.rutgers.edu, kgmlists@3rdmill.com
Errors-To: owner-www-security@ns2.rutgers.edu
At 9:49 PM -0700 5/19/96, Tim Dierks wrote:
>If you don't have physical control of your hardware, you have nothing; I
>don't care how secure you believe your software is. I'm willing to wager a
>bundle of dough that if you give me five minutes with your server, I can
>interrupt your web service. I don't need passwords or operating systems,
>keyboards or displays; all I need is a hammer and a wire cutters.
True, but that is not Macintosh-specific. I wasn't being general about the
list regarding physical control, just this thread; furthermore, I was only
limiting the interruption of web service via software means. (however not
just TCP attack) I know of several departments and organizations on campus
whose webserver, although not in a public area, is still prone to tampering
from staff who may think they know what they are doing, or worse still, is
a shared machine for other applications. With a UNIX workstation that has
a login screen (or a third-party Mac utility equivalent), this problem is
reduced significantly.
Rico
--
Out the 10Base-T, off the bridge, round the token-ring, past the firewall,
through the router, down the T1, over the leased line ... nothing but Net.
ecantu@uh.edu http://www.bchs.uh.edu/~ecantu/ GC at chembb@menudo.uh.edu
Department of Biochemical and Biophysical Sciences, University of Houston
