[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ProgSoc] Question regarding web pages



On Tue, 11 Jan 2005, Jeff Sinclair wrote:

> However, looking through pages people have accessed things such as
> command.exe and command.com from the webpage. What are the implications
> of people attempting to/actually accessing executables on the server?
> Does this present a security risk of any sort? I currently cant see how
> it does as the server is not actually present at my parents work (as
> said before, run by a different company) and doesnt have any passwords,
> etc remotely stored.

OK sorry I'll attempt something serious  :)

Potentially:  The site can get defaced;  it could turn into a phishing
site;  it could track customer IPs and give everyone a privacy headache;
and it could also phish information that your parents enter into it.  It
could also find out the IP of your parents and target that IP heavily.
Then of course there are the spamming and DoSing possibilities, against
your site, the customers, and your parents' personal computers.

It's practically an out-of-control computer with a fat network pipe and
the authority to say it belongs to someone important.

CK.

-
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@xxxxxxxxxxxxxxxxxxx
If you are having trouble, ask owner-progsoc@xxxxxxxxxxxxxxxxxx for help.