____/ Peter Köhlmann on Thursday 10 January 2008 20:07 : \____
> Tom Shelton wrote:
>
>> On 2008-01-10, Peter Köhlmann <peter.koehlmann@xxxxxxxxxxx> wrote:
>>> http://www.modsecurity.org/blog/
>>>
>>> Well, well
>>>
>>> Didn't Erik F tell us just lately that there are no security holes for
>>> IIS?
>>>
>>> And don't the wintrolls fall over themselves asserting that they browse
>>> completely secure because they use "AV" (that fairy dust potion which
>>> averts "malware")
>>
>> Last time I checked, and SQL Injection attack is not an IIS
>> vulnerability... It is a vulnerability in the web app it's self.
>>
>
> Last time I checked Erik Funkenbusch held Apache liable for similar attacks.
>
> Why the double standards now?
> Because Erik F is a lying astroturfer, and defends wintendo?
Exactly! It's usually applications that are to be blamed. Of course, Microsoft
tries to pretend that a blobified IIS somehow defends against software
vulnerabilities whereas Apache does not. The funny thing is that Microsoft has
just invited Apache developers over the Redmond. Are they realising that
Apache isn't going away like... ever? They try to embrace the threats (and
squash or bring over to Windows if they can shell out enough money).
--
~~ Best of wishes
Roy S. Schestowitz | UNIX: Because a PC is a terrible thing to waste
http://Schestowitz.com | GNU/Linux | PGP-Key: 0x74572E8E
Mem: 515500k total, 444932k used, 70568k free, 5624k buffers
http://iuron.com - next generation of search paradigms
|
|
