>Date: Sat, 08 Apr 2000 23:43:28 +0800 >From: Keith Yuen <[EMAIL PROTECTED]> >Subject: IIS's security & PKI > >Dear all, > >I am looking for some documents and web sites related with the security >of MS IIS especially in how the server support PKI's stuff. > >Anyone who can help is much appreciate. > >Cheers ! > >Keith Well, you'd rather say "MS IIS insecurity"... It has a record number of exploits, vulnerabilities and holes... Not to mention the Microsoft-characteristic bloated, slow code... I would recommend you switch to the tested, open-source FreeBSD/Apache combination. It also is safer and free. Best price/offering ratio, I swear! But, if you really are stuck with the "IIS Insecurity", you can check http://www.securiteam.com/windowsntfocus/ . There, check the archives and just make an archive search on IIS... They also have a free mailing list, so whenever some new bug/exploit appears, you can get a warning from them. Another place is NTBugtraq... http://www.ntbugtraq.com . Use and abuse, you could also try http://www.insecure.org. For tests and links, go to Els Apostols, http://www.apostols.org - they have vulnerability tests as a tool - very cool thing, also free, and you can test any PC with that. - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
