[Gllug] Re: Insecure practices at my ISP

[Adam Bower]

Jason Clifford writes: 

> On Thu, 3 Apr 2003, Garry Heaton wrote:

> Have you contacted PlusNet to tell them of your concerns? They are a 
> reputable company so they should be receptive.

I informed them of the same/similar security problem when I was a customer 
of theirs, this was well over 2 years ago (bad permissions on directories) 
and also of a linux kernel ptrace (or similar) vulnerability and a few other 
packages not being up to date on their server. 

They didn't believe me at first and challenged me to prove the claim, I then 
uploaded an example script and told them to run it which they did and the 
comment was something along the lines of "Oh well I don't think we will 
worry about that, its not really a big problem" they were no longer my 
hosting co. about an hour after that. 

Adam 


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug