[154208] in North American Network Operators' Group


Re: No DNS poisoning at Google (in case of trouble, blame the DNS)

daemon@ATHENA.MIT.EDU (Ken A)
Thu Jun 28 11:23:29 2012

Date: Thu, 28 Jun 2012 10:21:26 -0500
From: Ken A <ka@pacific.net>
To: nanog@nanog.org
In-Reply-To: <CACg3zYFmwUt78ZhVkWtxuHD0mN1v-Q3_TvDB0Ome2HBAtM9jMQ@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



On 6/28/2012 6:05 AM, Tei wrote:

> If you use these projects that already do 99% of what the customer
> needs, plus 120% that the customer does not need (and perhaps doesn't
> want), the code quality will normally be good, with **horrible** exceptions.
> But sooner or later (weeks), there will be exploits for this codebase,
> to hack the site in horrible ways.  If the customer doesn't pay for
> maintenance and doesn't do the maintenance himself, the code will turn
> comically outdated. Hacking the site will be easy for children age 5
> and up. Maintenance sucks.  This option sucks.
>
> All options suck.

That's why there are things like mod_security and other application-level
firewalls. After exploits have CVE numbers, so do the fixes to the
firewalls. And, due to the cost of custom software and the ease of use of
push-button-install WordPress, this isn't likely to change soon.
It would be nice if WP/Joomla/etc. force auto-updated by default, at
least for sec fixes.
Ken
Pacific.Net

