
Re: [newtech-1] statistical breakdown of the collected website defacements from the last few years

From: Victor S.
Sent on: Sunday, March 16, 2008 2:30 PM
Statistics in the report are about the entire stack: OS, WEB SERVER, DB and poor coding that is so common with all the free hobby projects in PHP. "it's free !"
With daily Joomla and Drupal suggestions flying around, this is certainly worth talking about.
 
Report is right there, have a closer look.

On Sun, Mar 16, 2008 at 2:12 PM, Asif Youssuff <[address removed]> wrote:
On Mar 16, 2008, at 2:04 PM, Victor Shamanovsky wrote:

> Those numbers show us that LAMP stack is more difficult to work with for
> various reasons. It is more costly because of that, and in addition raw
> numbers indicate that it is getting hacked more.

Sounds more like PHP being insecure and/or hard to secure.

If you want to make this something about .NET and other development
platforms, you may have a point.

However, the OS argument here is irrelevant. Most of these servers
are running PHP, and it's not as if IIS is invincible either.

Sadly enough, I'm developing a PHP app right now, but thankfully I
have a Perl/C background, and can see security holes (fairly) easily.

.NET like any type of managed code (Java, Ruby, Lisp, etc.) is
inherently safer for the server -- but the app can still be cracked
(obviously, nothing is perfect).

This article is a red herring, since they are not drawing a
difference between the OS that the server is running and the apps
that the server is running.

It's really not even worth talking about.

-Asif



This message was sent by Asif Youssuff ([address removed]) from NY Tech Meetup.