>>> You were hacked through the SSL exploits before te patch came out?
>>
>> The day before.
>
> You have reported that to the proper authorities, haven't you?
I went back to web development ;-)
> AFAIK there is a common belief that the patch was there before
> public exploits. (For the SSL issues at least, not necessarily so
> for the LSASS issues.)
The patch was released on April 13th, our server was hacked on April
12th. First time I've ever seen this happen but I'm honestly not
surprised with Microsoft's messed up products.
>> It was a few days later, one of our customers had complained about SSL
>> not working right, so I did some testing and uncovered some strange
>> text being displayed via SSL but not port 80. I tracked it down on
>> the
>> server and realized pretty quickly what had happened.
>
> I don't find that very convincing evidence for a zero day attack.
> Not to dispute that you were attacked, but what makes you believe
> it was a zero day?
It was the day before the patch, not afterwards. The files were all
dated the 12th rather than the 13th.
> You claim to have been hacked by somebody with sufficient skill
> to launch a zero day attack, yet you do not take the server apart
> and completely rebuild it afterwards? How do you know your server
> isn't completely Trojaned, has all sorts of extra accounts for
> remote administration and who knows what else?
I brought those up to the director (my manager) who didn't seem overly
concerned. The server is leased at a remote location. I'll ping him
again about it though. Thanks for reminding me.
--
Damien McKenna - Web Developer - [EMAIL PROTECTED]
The Limu Company - http://www.thelimucompany.com/ - 407-804-1014
"Nothing endures but change." - Heraclitus
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
