To: NT System Admin Issues
Subject: RE: Time to verify your IIS setup
SQLI and Blind SQLi are fun... You just need to go to some OWASP meetings, it
will start to make a lot of sense, that and scare the living crap out of you,
on how poorly web applications are written and how much they are relied
*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Tuesday, June 15, 2010 5:46 PM
*To:* NT System Admin Issues
*Subject:* Re: Time to verify your IIS setup
More important to me is, How many discrete managers of IIS
systems/environments does this represent?
I mean, on one
5:44 AM
To: NT System Admin Issues
Subject: RE: Time to verify your IIS setup
I'm not aware that SharePoint is vulnerable to SQL Injection attacks at
all. If you've ever debugged SharePoint, you'll see that most of it uses
OLEDB under the covers with parametised queries.
Cheers
Ken
[mailto:asbz...@gmail.com]
Sent: Wednesday, June 16, 2010 6:19 AM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup
True.My focus was not on IIS itself, but on whether the owners of
the affected systems were directly managing the boxes vs outsourced
management of the boxes
Lifespan Organ...
*From:* Andrew S. Baker [mailto:asbz...@gmail.com]
*Sent:* Wednesday, June 16, 2010 6:19 AM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup
True.My focus was not on IIS itself, but on whether the owners of the
affected systems were directly managing
...@gmail.com]
Sent: Wednesday, June 16, 2010 6:19 AM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup
True. My focus was not on IIS itself, but on whether the owners of the
affected systems were directly managing the boxes vs outsourced management
of the boxes.
-ASB
Perhaps this will help:
http://www.qualys.com/products/qg_suite/malware_detection/
Die dulci fruere!
Roger Wright
___
On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff kurt.b...@gmail.com wrote:
about 111,000 sites infected
http://isc.sans.edu/diary.html?storyid=8935
~ Finally, powerful
Dang.
I was just curious...
How many IIS sites are there in the world? Roughly 780K. So if the
Sucuri.net's 111K number is accurate, that's about 1 in 7 IIS sites that
are affected.
Yikes.
Source:
http://news.netcraft.com/archives/category/web-server-survey/
(most places on my search pointed
More important to me is, How many discrete managers of IIS
systems/environments does this represent?
I mean, on one level, if a single ISP hosting 500 discrete sites for clients
is a victim, that's not exactly the same thing as those 500 clients failing
to manage this risk.
On the other hand
Here's an update on the issue:
http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html
On Tue, Jun 15, 2010 at 14:45, Andrew S. Baker asbz...@gmail.com wrote:
More important to me is, How many discrete managers of IIS
systems/environments does this represent?
I mean, on
On Tue, Jun 15, 2010 at 6:18 PM, Kurt Buff kurt.b...@gmail.com wrote:
http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html
So, as usual, the biggest problem is the large amount of server-side
web application software written by people who don't know how to write
secure
That just makes my head hurt.
On Tue, Jun 15, 2010 at 3:18 PM, Kurt Buff kurt.b...@gmail.com wrote:
Here's an update on the issue:
http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html
On Tue, Jun 15, 2010 at 14:45, Andrew S. Baker asbz...@gmail.com wrote:
More
, June 15, 2010 6:50 PM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup
That just makes my head hurt.
On Tue, Jun 15, 2010 at 3:18 PM, Kurt Buff kurt.b...@gmail.com wrote:
Here's an update on the issue:
http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql
-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, June 15, 2010 6:19 PM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup
Here's an update on the issue:
http://blog.armorize.com/2010/06/recent-evolution-of-mass-sql-injection.html
On Tue, Jun 15, 2010 at 14:45
...@lifespan.org
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, June 15, 2010 5:46 PM
To: NT System Admin Issues
Subject: Re: Time to verify your IIS setup
More important to me is, How many discrete managers of IIS
systems/environments does this represent?
I mean, on one
Admin Issues
Subject: Re: Time to verify your IIS setup
More important to me is, How many discrete managers of IIS
systems/environments does this represent?
I mean, on one level, if a single ISP hosting 500 discrete sites for clients
is a victim, that's not exactly the same thing as those
about 111,000 sites infected
http://isc.sans.edu/diary.html?storyid=8935
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
[mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 09, 2010 3:43 PM
To: NT System Admin Issues
Subject: Time to verify your IIS setup
about 111,000 sites infected
http://isc.sans.edu/diary.html?storyid=8935
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http
,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org
-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, June 09, 2010 3:43 PM
To: NT System Admin Issues
Subject: Time to verify your IIS setup
about 111,000 sites
Wee!!!
--
ME2
On Wed, Jun 9, 2010 at 12:43 PM, Kurt Buff kurt.b...@gmail.com wrote:
about 111,000 sites infected
http://isc.sans.edu/diary.html?storyid=8935
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
20 matches
Mail list logo