From owner-freebsd-security Tue Aug 31 20:31:27 1999 Delivered-To: freebsd-security@freebsd.org Received: from magnesium.net (toxic.magnesium.net [204.188.6.238]) by hub.freebsd.org (Postfix) with SMTP id 94D351544E for ; Tue, 31 Aug 1999 20:31:23 -0700 (PDT) (envelope-from unfurl@magnesium.net) Received: (qmail 8699 invoked by uid 1001); 1 Sep 1999 03:30:22 -0000 Date: Tue, 31 Aug 1999 20:30:22 -0700 From: Bill Swingle To: Laurence Berland Cc: Liam Slusser , Kevin Lynn , Peter Kok , security@FreeBSD.ORG Subject: Re: hotmail Message-ID: <19990831203022.A8558@dub.net> References: <37CC9BC7.45CE961E@confusion.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i In-Reply-To: <37CC9BC7.45CE961E@confusion.net>; from Laurence Berland on Tue, Aug 31, 1999 at 11:21:43PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is correct. Hotmail has ~1800 FreeBSD boxen as webservers and their database stuff is run on Sun boxen running Solaris. -Bill On Tue, Aug 31, 1999 at 11:21:43PM -0400, Laurence Berland wrote: > Last I heard the frontend that served up the pages was FreeBSD, and the > mail backend for incoming and outgoing mail was Solaris. BTW the > exploit was just telling the cgi script you wanted the post-login page > or some page just after login that you wanted that page, and it just > assumed that you were already authenticated (which you weren't). > Nothing to do with freebsd, just a bad cgi program. > > Liam Slusser wrote: > > > > I thought hotmail was using Sun hardware running Solaris? Anybody > > know? > > > > liam -- -=| --- B i l l S w i n g l e --- http://www.dub.net/ -=| unfurl@dub.net - unfurl@freebsd.org - bill@cdrom.com -=| Different all twisty a of in maze are you, passages little To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message