  1. #1
    Junior Member
    Join Date
    Jul 2006

    Question various Vulnerabilities?

    Greetings and Well Met ANTIonline!

    I realize these questions may initially be broad in their scope, but it is that scope in which I seek understanding.

    I would first like to detail a bit of history before I get into my Question(s):

    I am a member of my church's Web Page Ministry, and we are beginning (have begun) the ground-work for a new home for the church's domain. We have already chosen the hoster.

    With the possible choices before us for the OS of the server to host the church's domain being either Windows2k3 or a *nix flavor, I want to know, from the community's experience, what VULNERABILITIES exist in BOTH OS's implementations of:

    PHP v5.1.4 & v4.4.2
    SQL (my)v4.1 & v5.0 ; (M$)v7 & 2000/2005
    SSH v3.2 v5.2 (OpenSSH? lost its FIPS cert? is this important?)
    SSL v0.9.x ; (NS)v3.0 ; (M$) Exch Srv 07

    (I should think this is the majority of concerns for anyone who hosts a website)

    the hoster we will use stated they have these:

    * unix (v. php 4.4 mysql 4.1.

    * win2k3 .NET 2k3

    I realize the propensity will lean towards OSS, which is fine by me, but I need detailed information for both sides as I will need to explain the reasoning behind choosing OSS. I need pros/cons about both win and nix implementations. (My experience is heavy in client systems, negligible in server.)

    I want to thank this group in advance, your help and point(s) of view will be most appreciated.

    I have attempted to use various security-related sites in attempts to answer these Q on my own (Bugtraq, SANS, here), yet while I can find a million references to PHP + vulnerabilities, etc., what I have not found is the understanding gained from one who uses *nix/win.
    So thank you again for your help in this.


    Mayhaps what I am asking can also be what the community uses for their webpage/hosting server OS, what services they employ (ecommerce, php, forums, etc.) (?)

    "One is defined by their actions,...
    not their words."

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    "what VULNERABILITIES exist in BOTH OS's implementations of"
    The Changelogs of the respective applications should reveal the information.
    As for any MS software: http://www.microsoft.com/security

    Usually the source is basically the same and, as a consequence, so are the bugs.

    That said, I do know running PHP and/or Apache on a Windows machine does have its own quirks. This is because PHP and Apache are case-sensitive and Windows is not (when it comes to filenames).

    One pro I could mention is OSS usually fixes bugs quicker. With MS software you would need to wait until "Patch Tuesday" each month.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Hey Hey,

    I'd recommend going to SecurityFocus and searching their... You can search by version of software.... Also check out Mitre for CVEs... You can search the pages and see what you come up with... just pop in the various pieces of software... each one will usually have a link back to the vendor specific version page that will cover the vuln versions...

    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    Junior Member
    Join Date
    Jul 2006
    Thank you for your responses, it is good to have a focus on islands of information within the ocean of the 'net.

    "One is defined by their actions,...
    not their words."
