Date: 4 May 2004 21:14:18 GMT From: Dave Hinz <davehinznospamcop.net> Subject: Re: OT- Heads Up - Sasser plug
On Tue, 04 May 2004 17:50:13 -0300, Dexter J <lamealameadingdongnospamlamelame.org> wrote: > For example - almost everyone had open port 80 on install with supporting > IIS drivers awaiting a licensed install of IIS server. This greatly eased > the detailed configuration needed to properly set up IIS to work properly > with the windows Operating System. See, but the thing is, an Apache webserver installation on a *nix or Mac, or even on a 'doze box, includes opening that port. It's scriptable, so the user doesn't even have to know they're doing it. > However, because the core drivers were > already set to run and the NIC port was/is open - but not being controlled > by a properly set-up IIS server and supporting security model - all that > was/is needed to trip an exploit is to figure out what you can bounce off > the driver and port to affect change or damage on third party machines or > the victim machine itself. Can you say "buffer overflow waiting to happen"? > Enough of this OT I agree - back to things that really matter - anyone got > a rust free 89/90 9000 5 speed/5 door with a dead engine stinking up the > place who is willing let go for a song? Still looking, eh? That '88 SPG went for rather a lot on eBay, would have done you nicely y'know. I seriously considered cashing in the 9-5 to buy it. Ah well... Dave