walt <w41...@gmail.com> writes:
> I've been reading the monthly security bulletin from sans.org for
> several years. During that time I've noticed some recurring themes,
> including multiple appearances from Adobe products like Flash.
>
> Another recurring theme is ftp servers (of which there are dozens)
> like this month's report:
>
> Platform: Cross Platform
> Title: Wing FTP Server "ssh public key" Authentication Security Bypass
> Vulnerability
> Description: Wing FTP Server is a secure file server for Windows, Linux,
> Mac, FreeBSD and Solaris. Wing FTP Server is exposed to a security bypass
> issue that affects the SSH authentication mechanism. Versions prior to
> Wing FTP Server 3.8.8 are affected.
> Ref: http://www.securityfocus.com/bid/48335/info
>
> Mind you, this is the first time I've seen Wing mentioned, but over the
> years there have been dozens of other ftp servers cited for other flaws
> in security.
>
> My question: WTF uses these poorly written ftp servers? Why do they
> exist? Who asked for them? Who wrote the code, and why?
>
> My tentative guess: either evil programmers, or incompetent programmers.
> (I suspect the intersection of the two sets is very small.)
>
> Many years ago when I was still using M$ Windows I wrote my own hex
> editor in Visual Basic. I can't explain why I chose to do it, other
> than as an exercise to learn Visual Basic. (I haven't used it since.)
>
> I'm quite certain that my hex editor would flunk even the most basic
> security tests today because I wasn't programming with security in mind.
> (In other words, I was the rankest of amateurs.)
>
> I'm running out of indignation now, and going to bed, but I'd welcome
> other indignant comments :)

Egad, such foolishness. What's wrong with them... (How did I do for indignant? ; ) )