OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Can A Web Site Be Reliably Defended Against DoS Att acks?

[ Lists Home | Date Index | Thread Index ]

Right, but the query is not about defending against the 
virus.  One can do that with a good firewall and being 
smart about attachments.  I'm not worried about music 
files, Mom and Pop, or even the global banking systems 
becoming hostage to the Butterfly effect.

The problem is that if an effective attack is launched, 
the IP addressable site is hosed.  There is no 
credible defense, AFAIK.  One can protect the data 
yes, but not the system use, so for any command and 
control system where the owner has real and determined 
opposition, the best thing is to use a VPN instead of 
the web.

This means that some of the Federal dollars pushing 
initiatives for some public systems and vendors 
who are pushing middle tier vendors off of non-web 
frameworks are increasing the risks ahead of the 
safety aspects.  Should we say, iceberg dead ahead?

We know how to mitigate, but not to prevent. Some 
markets have to be made more aware.  There is a 
very good reason procurement officials can waive 
requirements from higher authorities.


From: Alaric B Snell [mailto:alaric@alaric-snell.com]

Dare Obasanjo wrote:
> Short of creating a mail client and server that prevented people from
> receiving mail attachments, how would you solve the problem exploited
> by this current virus on any one of the popular operating systems
> existing today?

On many UNIX systems, just mount /home as not allowing execution, so 
people need root priveleges to install software, and non-installed 
software can't be run.

UNIX systems don't really have this concept of an executable file 
sitting there waiting to be clicked on, anyway - things generally need 
to be in your path to get executed to begin with. If I got sent an 
executable file as an attachment, I'd need to save it to my home 
directory then open up a shell window and explicitly invoke it, with a 
"./" prefix to override the path and execute a file from the current 



News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS