On Wed, 20 Jun 2001, Zachary Uram wrote:
> On Wed, 20 Jun 2001, Gary Warner wrote:
> > [Gar's Note: One might well ask why anyone in their right mind would use
> > IIS for anything. Currently, *ALL* IIS servers that were not patched in
> > the past 24 hours are open to system file level access to hackers privy to
> > the most recent buffer-run overflow. See www.eeye.com for details.]
>
> as soon as some IIS exploit is discovered and patched it seems a
> new one crops up a few days later!
> people need to move to *NIX/Apache environment.
> also the article mentioned this "critical infrastructure" system
> was on public network with NO firewall, NO intrustion detection,
> etc.. our tax dollars hard at work eh?
Sure, but problems pop up with apache and unix also quite frequently. Unix
was not designed with security first, and it clearly shows today. There
are many methods one can use when addressing public file serving that may
be more restricted than fully featured webservers like Apache. Apache is a
great webserver, with a feature to handle nearly every web application in
demand, but thay may be a downfall as well. When it comes to serving up a
file to the big bad internet, there are simpler methods.
-truman
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
