Privacy.lie Not Secure
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > WebserverTalk Community > Anonymous Servers > Privacy.lie Not Secure




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    Privacy.lie Not Secure  
Borked Pseudo Mailed


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
06-21-07 12:15 AM

We already have a good idea of how ineptly managed privacy.lie's servers
are from their expired SSL certificates. Here's a little more information
in that vein.

They're running Apache 2.0.53. Current version is 2.2.4. Security
backports for their Fedora distribution is at 2.0.55. They'd be better off
running the 1.x branch if they cared about security at all and didn't
want to invest the huge amount of time and effort it takes to run
'yum update' every once in a while. ;)

PHP is a total disaster at version 4.3.11. Current is 5.2.3. Latest v4
branch is 4.4.7 with so many security updates between 4.3.11 and latest
that it's impossible to count them all. They're literally a php back door
waiting to be opened. Since they're running the 2.x branch of Apache they
could upgrade to the 5.x php branch. If they really cared about
protecting users.

They're running linux kernel 2.6.17.4-grsec found to have root exploit
vulnerabilities almost a year ago. I think the generic 2.6 Linux kernel is
up to about 2.6.21.5, with most distros patched up to 2.6.20.x levels. The
latest grsec kernel is 2.6.19.x I believe.

They have literally dozens of information leaking pages and scripts
on their web site. From admin tools, to "shopping cart" databases, to
banner rotation scripts known to be vulnerable to SQL injection attacks.
No BS, there are at the very least 70 known vulnerabilities. Most of
them are junk that should have been removed still in default locations.
Relying on the odds that nobody will bother looking I guess?

Here's a sample of they way they leak information in bulk. Nothing
compromising user information. I wouldn't do that myself but this a
real example of how good their so called security is. An important
piece of information considering the way they claim to be able to make
everyday services more secure than anyone else.

http://www.privacy.li/phpinfo.php

Get it while it's hot. I'll bet it's removed pretty quick.

If you go anywhere near privacy.lie you better be very careful. Lord
knows what the other net scumbags or law enforcement has already swiped
from the lazy bums and making their weaknesses public won't help the
situation at all unless they get off their butts and do something about
it.




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 10:09 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register