[cs615asa] HW3

Avineshwar Singh asingh16 at stevens.edu
Sat Feb 20 06:36:20 EST 2016

Dear Professor,
HW #3 says we need to confirm there is no introduction of backdoor post
installation of nginx. Is it sufficient if all the security patches are
installed, including for nginx (for all the reported CVEs), and there are
no available patches since everything is in position in terms of security ?
Or do we need to do an explicit virus/trojan check ? But that may require a
new package as there is no inbuilt utility for it & I'm not able to
correctly relate backdoor with CVEs as CVEs are some kind of reported
vulnerabilities and they cannot be categorized as deliberately introduced
backdoor until an exploitable backdoor is existing in some code due to
improper coding practices which is then being referred to as backdoor which
is actually a reported CVE having an id.

On 16 February 2016 at 23:24, Jan Schaumann <jschauma at stevens.edu> wrote:

> https://www.cs.stevens.edu/~jschauma/615/s16-hw3.html
> and
> https://www.cs.stevens.edu/~jschauma/cgi-bin/CS615-04.cgi
> _______________________________________________
> cs615asa mailing list
> cs615asa at lists.stevens.edu
> https://lists.stevens.edu/mailman/listinfo/cs615asa


Avineshwar Pratap Singh,
MS (in CyberSecurity),
Stevens Institute of Technology

[+] Add me to your address book
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs615asa/attachments/20160220/01f2e224/attachment.html>

More information about the cs615asa mailing list