funsec mailing list archives
Re: 500,000 Windows web servers hosed
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Fri, 25 Apr 2008 20:29:23 -0400
Krebs seems to be wrong about this being an IIS vulnerability, particularly the token privilege escalation thing. See http://hackademix.net/2008/04/26/mass-attack-faq/ for an explanation of what's happening; that author calls it sort-of-kind-of a vulnerability because "this mass automated epidemic is due to specific features of Microsoft databases, allowing the exploit code to be generic, rather than tailored for each single web site." Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Rich Kulawiec Sent: Friday, April 25, 2008 7:38 PM To: funsec () linuxbox org Subject: [funsec] 500,000 Windows web servers hosed Brian Krebs of the Washington Post: Hundreds of Thousands of Microsoft Web Servers Hacked http://blog.washingtonpost.com/securityfix/2008/04/hundreds_of_thousands _of_micro_1.html Further commentary: 500 Thousand MS Web Servers Hacked http://it.slashdot.org/article.pl?sid=08/04/25/1358234 ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- 500,000 Windows web servers hosed Rich Kulawiec (Apr 25)
- Re: 500,000 Windows web servers hosed Larry Seltzer (Apr 25)
- <Possible follow-ups>
- Re: 500,000 Windows web servers hosed Paul Ferguson (Apr 25)