Sigh. More FUD.
1. There are 1.5 million sites running IIS
2. Only a portion of these are running IIS4 (from the
NT Option Pack)
3. Only a portion of (2) have left the password-changing app
enabled.
4. You certainly shouldn't see the password-changing app
enabled on an NT box being used as a firewall.
The attack in question is a buffer overflow attack exploit IIS, a patch for
which is already available from MS. IIS is not an essential part of NT, but
is provided with the NT package free of charge.
If you're using a buffer overflow exploit against an app as basis for not
using NT, then no-one should be using any UNIX-based OS - see Rootshell or
any other halfway-decent hacker's site for more info ;-).
Brian Steele
-----Original Message-----
From: Bill Stackpole <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Saturday, 19 June, 1999 11:51 PM
Subject: RE: Why not NT?
I heard on the news this morning that there are 1.5 million web sites using
IIS that are subject to hacking by a tool readily available on the Internet.
I think that should end the discussion.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
