http://it.mycareer.com.au/breaking/20010417/A36944-2001Apr17.html
Tuesday, April 17, 2001, 15:17
By BARRY PARK, FAIRFAX IT
More than 70 per cent of Australian e-commerce websites running
Microsoft's Internet Information Server software are open to
compromise, a paper presented to an online magazine has suggested.
An article in the latest edition of Australian hacker magazine
Infosurge and written by a hacker known as black-hand said some quick
scans of Australian e-commerce servers using an IIS backend showed
that over 70 per cent of e-commerce Web servers ... had security holes
that would allow full compromise of data.
"In another result, I rounded up every bank in Australia running IIS
and found that over 50 per cent of these were vulnerable, allowing
reading of any file on the system," black-hand wrote.
The e-commerce sites that were found to have security holes include
some very large names in terms of Australian-based e-commerce
operations.
The article says many of the vulnerable websites would often have
their front end servers relatively patched while backend servers were
left wide open.
"Quite often these other servers are handling a lot of the work, and
for some reason are overlooked when it comes to updates and patches.
With the amount of servers out there that are vulnerable to such
easy-to-exploit holes, I can only be surprised that there isn't a lot
more public news about intrusions or disclosures of information," the
article warns.
The article, titled "IIS Security", shows a number of common exploits
crackers use to gain access to a vulnerable system.
Received on Wed Apr 18 01:14 CDT 2001