> On Jul 9, 2004, at 7:28 PM, Dave Watts wrote:
>>>
>>> I think I'll be able to come up with some good reasons, e.g.
>>> we wouldn't have been hacked in April if we weren't using
>>> IIS (!).
>>
>> If you were hacked in April, it might have been because you didn't
>> configure IIS properly, not just because you were using IIS.
>
> We were hacked because of a vulnerability that wasn't patched until the
> day _after_ we were hacked.
You were hacked through the SSL exploits before te patch came out?
> Of course we didn't discover it for a while...
How did you trace it back to a particular exploit? If you didn't
discover it for a while, they had quite a while to cover their
tracks.
Jochem
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
