Re: IIS Hack : Anyone explain cause...

From: Team Macromedia (nospam_at_nospam.com)
Date: 07/24/04


Date: Sat, 24 Jul 2004 11:42:41 +0100

Jeez...Apache...nah, I'll stick with IIS as on this occasion it was our
security on this machine which was lacking.

David Wang [Msft] wrote:

> Personally, once a machine has been infected by Nimda, anyone could have
> been running on the box as administrator and done anything, including
> installing rootkits, keyboard sniffers, etc. It really does not matter if
> it looks like you cleaned up the server -- if you care about security, you
> would flatten and rebuild this server immediately since it has been
> compromised. Otherwise, please do not come crying a month later saying that
> some rootkit installed on this machine sniffed your administrator password
> and someone broke into some OTHER server that you DO care about -- if you
> even find out about this in a month.
>
>
> Now, I have some counterpoint to your assessment of security.
>
>
>>to date virus scanning and b) being fully patched....but like all
>>patches..they are always released after the loophole has been exploited...
>
>
> Not true. Microsoft tries and mostly succeeds to release patches PRIOR to
> exploitation. All the famous worms had proper patches released
> weeks/months/years prior to exploitation. The problem tends to be that
> users install the patches FAR later -- thus it only seems like patches are
> released after being exploited. We realize that there is often a legitimate
> reason for the lag, so we will work hard to fix this issue. Of course, it is
> currently an arms race between hackers and software vendors on who wins an
> in-the-wild exploit, but people have to realize that software security is
> not just about software.
>
>
>>problem....I do however disagree about the whole if you're patched you're
>>protected rant as we all know that IIS and indeed lots of software has
>>problems - IIS more than anything else has been plagued with errors and
>>bugs...
>
> I am not denying that prior to IIS6, IIS had a lot of bugs which makes
> server maintenance a challenge, but people have certainly been able to run
> IIS5 successfully in large numbers.
>
>
>>this is why a whole host of patches have recently been released
>>and with one on the way next week it does make you wonder how secure is
>>secure......maybe switching it off is the safest bet....?
>
>
> Fact is, all software has errors and bugs; servers that face the Internet
> have a special requirement in that errors can be remotely exploited and thus
> patches are required. No software is immune.
>
> Sure, you can try and run Apache with your current standards -- and I'll bet
> that you will get hacked twice as fast since Apache is the most hacked and
> defaced server on the Internet and requires even more patches.
>
>
> Security depends on proper software, proper configuration, and proper
> education. The perfect software, if misconfigured, can be exploited. Even
> if you had perfect software AND it was perfectly configured, if someone
> leaves the door open to the server closet and tapes the administrator
> password on the monitor, it can also be exploited... so do not just focus on
> the software. Configuration (like patch application) and education are just
> as important to maintaining security, and the user/customer is responsible
> for doing this.
>


