To: NT System Admin Issues
Subject: RE: Time to verify your IIS setup
SQLI and Blind SQLi are fun... You just need to go to some OWASP meetings, it
will start to make a lot of sense, that and scare the living crap out of you,
on how poorly web applications are written and how much they are relied
*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Tuesday, June 15, 2010 5:46 PM
*To:* NT System Admin Issues
*Subject:* Re: Time to verify your IIS setup
More important to me is, How many discrete managers of IIS
systems/environments does this represent?
I mean, on one
5:44 AM
To: NT System Admin Issues
Subject: RE: Time to verify your IIS setup
I'm not aware that SharePoint is vulnerable to SQL Injection attacks at
all. If you've ever debugged SharePoint, you'll see that most of it uses
OLEDB under the covers with parameterised queries.
Cheers
Ken
[mailto:asbz...@gmail.com]
Sent: Wednesday, June 16, 2010 6:19 AM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup
True. My focus was not on IIS itself, but on whether the owners of
the affected systems were directly managing the boxes vs outsourced
management of the boxes
Lifespan Organ...
*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Wednesday, June 16, 2010 6:19 AM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup
True. My focus was not on IIS itself, but on whether the owners of the
affected systems were directly managing
...@gmail.com]
Sent: Wednesday, June 16, 2010 6:19 AM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup
True. My focus was not on IIS itself, but on whether the owners of the
affected systems were directly managing the boxes vs outsourced management
of the boxes.
-ASB
Perhaps this will help:
http://www.qualys.com/products/qg_suite/malware_detection/
Die dulci fruere!
Roger Wright
___
On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff kurt.b...@gmail.com wrote:
about 111,000 sites infected
http://isc.sans.edu/diary.html?storyid=8935
Dang.
I was just curious...
How many IIS sites are there in the world? Roughly 780K. So if the
Sucuri.net's 111K number is accurate, that's about 1 in 7 IIS sites that
are affected.
Yikes.
Source:
http://news.netcraft.com/archives/category/web-server-survey/
(most places on my search pointed
More important to me is, How many discrete managers of IIS
systems/environments does this represent?
I mean, on one level, if a single ISP hosting 500 discrete sites for clients
is a victim, that's not exactly the same thing as those 500 clients failing
to manage this risk.
On the other hand
Here's an update on the issue:
http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html
On Tue, Jun 15, 2010 at 14:45, Andrew S. Baker asbz...@gmail.com wrote:
More important to me is, How many discrete managers of IIS
systems/environments does this represent?
I mean, on
On Tue, Jun 15, 2010 at 6:18 PM, Kurt Buff kurt.b...@gmail.com wrote:
http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html
So, as usual, the biggest problem is the large amount of server-side
web application software written by people who don't know how to write
secure
That just makes my head hurt.
On Tue, Jun 15, 2010 at 3:18 PM, Kurt Buff kurt.b...@gmail.com wrote:
Here's an update on the issue:
http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html
On Tue, Jun 15, 2010 at 14:45, Andrew S. Baker asbz...@gmail.com wrote:
More
, June 15, 2010 6:50 PM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup
That just makes my head hurt.
On Tue, Jun 15, 2010 at 3:18 PM, Kurt Buff kurt.b...@gmail.com wrote:
Here's an update on the issue:
http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql
-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, June 15, 2010 6:19 PM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup
Here's an update on the issue:
http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html
On Tue, Jun 15, 2010 at 14:45
...@lifespan.org
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, June 15, 2010 5:46 PM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup
More important to me is, How many discrete managers of IIS
systems/environments does this represent?
I mean, on one
Admin Issues
Subject: Re: Time to verify your IIS setup
More important to me is, How many discrete managers of IIS
systems/environments does this represent?
I mean, on one level, if a single ISP hosting 500 discrete sites for clients
is a victim, that's not exactly the same thing as those
On the phone with their abuse center right now, talking with a rep about the
situation, so see if they have calls on it.
Z
Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org
-Original Message-
From: Kurt Buff
They got an abuse ticket on those IPs and are working to take it down
accordingly.
Funny how SQL injection is still at the top of the latest OWASP Top 10, because
it works so well, when you don't use input validation. Poor development is
the culprit...
Z
Edward Ziots
Wee!!!
--
ME2
On Wed, Jun 9, 2010 at 12:43 PM, Kurt Buff kurt.b...@gmail.com wrote:
about 111,000 sites infected
http://isc.sans.edu/diary.html?storyid=8935
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~