Hello Rob,
On 22.07.2020 at 14:15, Steve Pitcher <SPitcher@xxxxxxxxxxxx> wrote:
> You know how many times I've been asked to remove track/trace on the default Apache server that nobody uses? Pen test tools used are far more effective if someone has knowledge of IBM i.
Please define a "hole". Pentesters yammer about Apache showing a version string. OMG! How very insecure! Today, this doesn't mean too much. My Apache gets strange log entries all the time, and when looking at them, it appears that some bot is trying IIS exploits on it, or exploits for ancient Apache versions. Since "pentesting" can be automated, the bad guys do that, too. Most often, only interesting targets will be manually explored. It's a bit like the "call all numbers" from the Wargames movie.
Stay current with PTFs, shut down ASJ/PSJ opening unneeded TCP ports, and a good deal of the real possibilities to exploit something are gone. Of course, the old saying is true here, too: You achieve 80% of your goal with 20% of the work. But the last 20% needs 80% of the time…
:wq! PoC
PGP-Key: DDD3 4ABF 6413 38DE -
https://www.pocnet.net/poc-key.asc