On Tue, 5 Dec 2000, Ken Hardy wrote:
> I saw something on some list or other that said that the NAI
> Brazil site was hacked through bugs in IIS. No firewall will
> protect against in-band attacks like that. However, whereas
> their products may be off the hook, their security procedures
> are not; there is an available patch from MS that fixes the IIS
> bug that was exploited, but they had not applied the fix.
RDS is still the #1 vector of attack for IIS servers and the damn thing's
been fixed for something like 2 years. There's a *lot* of brokenness out
there, and it's a shame to see a security company fall victim to essential
system patch issues. Do you know if it was RDS, or one of the other IIS
can openers?
Thanks,
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280