Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42863
  • Total Topics: 16072
  • Online Today: 1543
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Author Topic: Microsoft tells hackers how to take apart its IIS  (Read 3350 times)

0 Members and 1 Guest are viewing this topic.

Amker

  • SCF Global Moderator
  • *****
  • Posts: 1076
  • KARMA: 22
  • Gender: Male
    • SCforum.info
Microsoft tells hackers how to take apart its IIS
« on: 08. June 2007., 20:31:14 »
MICROSOFT IS showing all comers how to hack into its Internet Information Server and is not giving any hints how to work around the problem.
The Vole says an exploit, which was discovered on December 15, 2006, and made public at the end of May, is actually a feature.

Apparently versions 5.x allow bypass of basic authentication by using the "hit highlight" feature. The hit-highlighting feature can be used by an unauthorised user to nick documents.

The Internet Storm Centre says that hackers have not used this exploit to take over systems to date, that could well change. Especially now we've told them about it.

The Vole has written up the problem in its Knowledge Base article 328832. Apparently, hit-highlighting with Webhits.dll only relies on the Microsoft Windows NT ACL (Access Control List) configuration on 5.x versions.

Security experts are a bit stunned at the Volish attitude. Rather than supply a patch or workaround, Microsoft published six steps to reproduce the exploit. In otherwords Vole is telling the world how to exploit products being used by their customers.

The official Volish line is that all users should upgrade to IIS (Internet Information Services) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security.
# Online Anti-Malware Scanners: http://scforum.info/index.php/topic,734.0.html

Samker's Computer Forum - SCforum.info

Microsoft tells hackers how to take apart its IIS
« on: 08. June 2007., 20:31:14 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising