True. My focus was not on IIS itself, but on whether the owners of the
affected systems were directly managing the boxes vs outsourced management
of the boxes.

-ASB: http://XeeSM.com/AndrewBaker


On Tue, Jun 15, 2010 at 7:17 PM, Ziots, Edward <ezi...@lifespan.org> wrote:

> Problem is that it's not IIS in itself that is the problem; it is the
> web application running on IIS that doesn't sanitize its input that is the
> problem, that and probably using a database user account with too many
> privileges to access the backend, plus no auditing on the database backend
> to track what is being viewed, and on and on…
>
>
>
> Too bad it takes mass hacks like these to get some people's attention to the
> matter, often too late, after they have been 0wned…
>
>
>
> Z
>
>
>
> Edward Ziots
>
> CISSP,MCSA,MCP+I,Security +,Network +,CCA
>
> Network Engineer
>
> Lifespan Organization
>
> 401-639-3505
>
> ezi...@lifespan.org
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, June 15, 2010 5:46 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Time to verify your IIS setup
>
>
>
> More important to me is, "How many discrete managers of IIS
> systems/environments does this represent?"
>
>
>
> I mean, on one level, if a single ISP hosting 500 discrete sites for
> clients is a victim, that's not exactly the same thing as those 500 clients
> failing to manage this risk.
>
>
>
> On the other hand (and from a more practical standpoint), they're still
> victims just the same...
>
>
> -ASB: http://XeeSM.com/AndrewBaker
>
>  On Tue, Jun 15, 2010 at 5:38 PM, Sam Cayze <sam.ca...@rollouts.com>
> wrote:
>
> Dang.
> I was just curious...
>
> How many IIS sites are there in the world?  Roughly 780K.  So if the
> Sucuri.net's 111K number is accurate, that's about 1 in 7 IIS sites that
> are affected.
> Yikes.
>
> Source:
> http://news.netcraft.com/archives/category/web-server-survey/
>
> (most places on my search pointed to NetCraft having the most accurate
> results).
>
> Sam
>
> On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
> > about 111,000 sites infected
> >
> > http://isc.sans.edu/diary.html?storyid=8935
>
>
