[Purdue-pm] security exploits
Budzik, Michael J.
mikeb at purdue.edu
Tue Jan 20 11:29:19 PST 2009
Dave sez:
> I was here when they started up PLUG, the campus Linux group, and one
of
> the first meetings had the president showing off his fancy SGI box. He
> had a CGI program that would show certain system data on it. He said
it
> was secure. I tried it, in front of the LUG and everybody. I got it to
> show /etc/passwd with a simple injection attack. And this was in the
bad
> old days before shadow passwords.
That *would* be embarrassing. Let's be clear. If this happened, it
wasn't at one of the first meetings of Plug. I would remember a fail
like that, and as the founding VP (1995 *if* memory serves), I can
assure you that Matt (the founding Prez) never had an SGI box. The next
Prez didn't have an SGI either.
I think your timeline (or memory) is off. I'm going to assume it was a
more recent PLUG prez (they don't make 'em like they used to). I just
wanted to defend Matt's good name.
Hey, I'm no longer a lurker! Bummer that it was off topic.
Mike B
More information about the Purdue-pm
mailing list