Security Incidents mailing list archives
RE: Rash of navy web site defacements
From: Andrew Thomas <andrew () unysen com>
Date: Fri, 1 Jun 2001 10:49:28 +0200
-----Original Message----- From: Jay D. Dyson [mailto:jdyson () treachery net] Sent: Thursday, May 31, 2001 7:36 PM To: Incidents List Cc: Dan Schrader Subject: Re: Rash of navy web site defacements
--snip--
Exploiting IIS isn't simply trivial. You have to tie a board across your butt to keep from falling in.
As much as everyone has knocked M$ products, IIS in particular, most of the most recently released vulnerabilities are entirely avoidable *WITHOUT* the hotfixes in question. 1 - Go through the relevant MS issued security checklist (Securing IIS4 or IIS5) 2 - Set ACL's sensibly: why would IUSR/IWAM accounts need to execute anything in the winnt\system directory, or most places for that matter? 3 - remove extension mappings for handlers you don't need 4 - remove virtual directory mappings you don't need/the like (/msadc, /scripts, ...) With these steps, while I remain open to correction, I don't see how any of the unicode, cgi double-decode or recent .printer overflows would have been easily exploitable. Take care, Andrew - Andrew Thomas office: +27 21 4889820 facsimile: +27 21 4889830 mobile: +27 82 7850166 "One trend that bothers me is the glorification of stupidity, that the media is reassuring people it's alright not to know anything. That to me is far more dangerous than a little pornography on the Internet." - Carl Sagan
Current thread:
- Re: Rash of navy web site defacements Jay D. Dyson (May 31)
- <Possible follow-ups>
- RE: Rash of navy web site defacements Andrew Thomas (Jun 01)
- RE: Rash of navy web site defacements Andrew Thomas (Jun 01)
- RE: Rash of navy web site defacements Otto . Dandenell (Jun 02)