> -----Original Message-----
> From: Gary Warner [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 20, 2001 3:11 PM
> To: Zachary Uram
> Cc: Paul Timmerman; [EMAIL PROTECTED]
> Subject: Re: scary stuff
>
>
> Wouldn't it be nice if the LATimes did less scare-mongering
> and more fact
> gathering?
>
> http://www.newsbytes.com/news/01/166768.html
>
> > 14 June 2001 Cal-ISO Servers Compromised
> >
> > Crackers recently infiltrated two servers that were part of a
> > development network at the California Independent System Operator
> >
> > http://www.latimes.com/business/cutting/20010609/t000047994.html
> >
> > [Editor's (Murray) Note: One might well ask why systems intended
> > for the development of such a sensitive application are connected
> > to the public network at all, much less without routine security
> > measures.]
>
> [Gar's Note: One might well ask why anyone in their right
> mind would use
> IIS for anything. Currently, *ALL* IIS servers that were not
> patched in
> the past 24 hours are open to system file level access to
> hackers privy to
> the most recent buffer-run overflow. See www.eeye.com for details.]
Bollocks. If you took the basic precaution of disabling index server
script mappings, you're fine.
Henry
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
