>From the Security Wire Digest (www.infosecuritymag.com):
> *IIS PATCH COULD HAVE PREVENTED DEFACEMENT
> High-profile Web defacements of computer security firm Network
> Associates and its subsidiary McAfee in Brazil last Thursday
> could have been prevented if readily available IIS patches had
> been applied upstream at a Brazil-based service provider.
> Microsoft itself suffered two breaches of its Web site recently
> when it failed to patch one of its own IIS servers.
This source gives no more details that that.
--
KH
On Tue, 5 Dec 2000, Paul D. Robertson wrote:
> On Tue, 5 Dec 2000, Ken Hardy wrote:
>
> > I saw something on some list or other that said that the NAI
> > Brazil site was hacked through bugs in IIS. No firewall will
> > protect against in-band attacks like that. However, whereas
> > their products may be off the hook, their security procedures
> > are not; there is an available patch from MS that fixes the IIS
> > bug that was exploited, but they had not applied the fix.
>
> RDS is still the #1 vector of attack for IIS servers and the damn thing's
> been fixed for something like 2 years. There's a *lot* of brokeness out
> there, and it's a shame to see a security company fall victim to essential
> system patch issues. Do you know if it was RDS, or one of the other IIS
> canopeners?
>
> Thanks,
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> [EMAIL PROTECTED] which may have no basis whatsoever in fact."
> PSB#9280
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
