For the paranoid
Results 1 to 6 of 6

Thread: For the paranoid

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883

    For the paranoid

    For those who are paranoid about the alleged "hacking" attack coming up this weekend, here is a link to the IIS security rollup download site. The package release is dated May 28th 2003.

    http://support.microsoft.com/?kbid=811114

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403

    Re: For the paranoid

    Originally posted here by thehorse13
    The package release is dated May 28th 2003.
    Which means it should have been installed ages ago
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    most of the sites that are going to be hit are large hosting services that run a couple hundreaed vhosts on 1 machine so that it can be a mass attack all at once. Hitting one site at a time and you will never have a chance to win.

    Stupid freaking look, I have the most scripts and know how to run them best contest.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    The most worrying thing is, for the people who are just installing that IIS rollup patch now, that their system has probably already been cracked, and some kiddie out there is just waiting for the 6th of July to wander in through the back door they've left for themselves, and deface your site.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Yeah, I agree. If you are vigilant about securing your internet-facing boxes then this little contest is meaningless.

    I know that I'm not going to lose sleep over it I'm worried about the guys/gals who DON'T announce to the world what their intentions are.

    This whole thing wreaks of those fuc*ing e-mails that you get that warn you about the very scary new super virus that Microsoft found and you should forward the info to all your friends immediately. The way I see it, the announcement of the contest in itself is the attack. Think about it, they announce it on a holiday weekend. They tell you the parameters of the attack. The media who now knows that hacking is a sure winner for news stories jumps on this and acts just like the stupid end user who forwards the super virus e-mail.

    [soap box dismounted]

    LOL
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Yeah slarty. Talk about a false sense of security.

    What's also worrying is that there are still ppl running apache with an old and vulnerable openssl version. I also see a slight rise in SSL2 masterkey overflow attempts. Anyone else seen this too?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides