Security Incidents mailing list archives
Re: Trojan of somesort - Update
From: Harlan Carvey <keydet89 () yahoo com>
Date: Fri, 28 May 2004 04:54:51 -0700 (PDT)
That's interesting. The last one that I looked at had been hacked through IIS, using RFP's MSACD exploit - twice - in two different months.
Well, maybe it's a matter of semantics (which is another issue all together). I don't see using RFP's MSADC exploit as being "hacking", necessarily, particularly if it's bundled in an automated fashion.
Others that I've studied were hacked through MSSQL server, because the sa password was either blank or easily guessed. One that used to get hacked constantly (until I fixed the problem permanently) was being hacked through the IIS directory traversal vulnerability.
Again, maybe it's just me, but I can't see either of these as "hacks". Using canned or scripted exploits to compromise machines via long-since-patched vulnerabilities...compromising the machine, yes. Hacking...hhhmmmm...not sure. But again, that's just me.
We did have an administrator who kept setting up an anonymous upload site and couldn't figure out how the skiddies were finding it so fast, but in our network that's been the exception rather than the rule.
There you go! ;-)
Current thread:
- Re: Trojan of somesort - Update, (continued)
- Re: Trojan of somesort - Update Paul Schmehl (May 27)
- Re: Trojan of somesort - Update Pho Man (May 27)
- Re: Trojan of somesort - Update Harlan Carvey (May 27)
- Re: Trojan of somesort - Update Harlan Carvey (May 27)
- RE: Trojan of somesort - Update James C Slora Jr (May 28)
- RE: Trojan of somesort - Update Harlan Carvey (May 28)
- RE: Trojan of somesort - Update James C Slora Jr (May 29)
- RE: Trojan of somesort - Update Harlan Carvey (May 28)
- Re: Trojan of somesort - Update Pho Man (May 27)
- Re: Trojan of somesort - Update Gadi Evron (May 28)
- Re: Trojan of somesort - Update Paul Schmehl (May 27)
- Re: Trojan of somesort - Update Paul Schmehl (May 28)
- Re: Trojan of somesort - Update Harlan Carvey (May 28)
- Re: Trojan of somesort - Update Gadi Evron (May 28)
- Changing file times, was -> Re: Trojan of somesort - Update Harlan Carvey (May 28)
- Re: Changing file times, was -> Re: Trojan of somesort - Update Gadi Evron (May 28)
- RE: Trojan of somesort - Update David Gillett (May 28)
- Re: Trojan of somesort - Update Harlan Carvey (May 28)