Michael Dillon wrote:
| A more important question is "how were the DOJ and CIA sites hacked".
| If they were running an old version of NCSA httpd or a UNIX machine with
| full services and no patches then perhaps they deserved what they got.
| Nowadays, Apache is pretty secure and it is quite easy to secure a UNIX
| machine simply by taking the trouble to review available patches and to
| turn off unneeded services.
Don't forget careful review & handling of CGI. I suspect bad
cgi is at fault regularly. I know the CGI I review tends to start out
pretty trusting that its input is freindly.
"It is seldom that liberty of any kind is lost all at once."