>> We were hacked because of a vulnerability that wasn't patched
>> until the day _after_ we were hacked. Of course we didn't
>> discover it for a while...
>
> What specific vulnerability was that?
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
Apache et al are quicker on fixing stuff like that.
> Most IIS vulnerabilities entail services and functionality that can
> and should be disabled for public web servers.
SSL?
> If configured properly, you can avoid these vulnerabilities even if
> patches don't exist for them.
Any suggestions on how the above could have been avoided?
--
Damien McKenna - Web Developer - [EMAIL PROTECTED]
The Limu Company - http://www.thelimucompany.com/ - 407-804-1014
"Nothing endures but change." - Heraclitus
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]