Yes but then we get these threads bitching about MS IIS instead of Crappy web page asp product X
On Tue, Jun 15, 2010 at 4:17 PM, Ziots, Edward <[email protected]> wrote: > Problem is that its not IIS in itself that is the problem is the > web-application running on IIS that doesn’t sanitize its input that is the > problem, that and probably using an Database user account with too much > privileges to access the backend, plus no auditing on the database backend > to track what is being viewed, and on and on… > > > > Too bad it takes mass hacks like these to get some peoples attention to the > matter, often too late, after they have been 0wned….. > > > > Z > > > > Edward Ziots > > CISSP,MCSA,MCP+I,Security +,Network +,CCA > > Network Engineer > > Lifespan Organization > > 401-639-3505 > > [email protected] > > > > From: Andrew S. Baker [mailto:[email protected]] > Sent: Tuesday, June 15, 2010 5:46 PM > To: NT System Admin Issues > Subject: Re: Time to verify your IIS setup > > > > More important to me is, "How many discrete managers of IIS > systems/environments does this represent?" > > > > I mean, on one level, if a single ISP hosting 500 discrete sites for clients > is a victim, that's not exactly the same thing as those 500 clients failing > to manage this risk. > > > > On the other hand (and from a more practical standpoint), they're still > victims just the same... > > -ASB: http://XeeSM.com/AndrewBaker > > On Tue, Jun 15, 2010 at 5:38 PM, Sam Cayze <[email protected]> wrote: > > Dang. > I was just curious... > > How many IIS sites are there in the world? Roughly 780K. So if the > Sucuri.net's 111K number is accurate, that's about 1 in 7 IIS sites that > are affected. > Yikes. > > Source: > http://news.netcraft.com/archives/category/web-server-survey/ > > (most places on my search pointed to NetCraft having the most accurate > results). > > Sam > > > > > On Wed, Jun 9, 2010 at 3:43 PM, Kurt Buff <[email protected]> wrote: >> about 111,000 sites infected >> >> http://isc.sans.edu/diary.html?storyid=8935 > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
