On Sun, 20 Jun 1999, Brian Steele wrote:

> Date: Sun, 20 Jun 1999 00:23:29 -0400
> From: Brian Steele <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: Why not NT?
> 
> Sigh.  More FUD.
> 
> 1. There are 1.5 million sites running IIS
> 
> 2. Only a portion of these are running IIS4 (from the
>    NT Option Pack)
> 
> 3. Only a portion of (2) have left the password-changing app
>    enabled.
> 
> 4. You certainly shouldn't see the password-changing app
>    enabled on an NT box being used as a firewall.

  5. 100% of sites running IIS are running it as SYSTEM.  *cough*

> 
> 
> The attack in question is a buffer overflow attack exploiting IIS, a patch for
> which is already available from MS.  

...and not a minute too soon!  ...and only once the exploit was
posted... :-)  What other security easter eggs are waiting to be found and
exploited _as SYSTEM_?!

> IIS is not an essential part of NT, but
> is provided with the NT package free of charge.

I would think that 5. is a *really* good reason to pay money for a
different web server...  "But this goes to 11..."

> 
> If you're using a buffer overflow exploit against an app as basis for not
> using NT, then no-one should be using any UNIX-based OS - see Rootshell or
> any other halfway-decent hacker's site for more info ;-).

Yes.  The app != the OS.  Of course, MS is so rapidly hooking apps into the
OS that this is becoming obsolete reasoning.

> 
> Brian Steele
> 
> -----Original Message-----
> From: Bill Stackpole <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Saturday, 19 June, 1999 11:51 PM
> Subject: RE: Why not NT?
> 
> 
> I heard on the news this morning that there are 1.5 million web sites using
> IIS that are subject to hacking by a tool readily available on the Internet.
> I think that should end the discussion.
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 


AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
