Re: [ISN] Security expert explains New York Times site break in

From: mea culpa <jericho_at_dimensional.com>
Date: Fri 18 Sep 1998 - 21:39:59 CDT
[Moderator: Several others have replied with like comments. Aleph brings
 up a good point though. If it was custom CGIs, how would ISS find those?
 Unlike other scanners, it has no easy-to-use custom scripting to add your
 own vulnerabilities as far as I have seen.]

Reply From: Aleph One <aleph1@dfw.net>

What a load of crap this article is. It makes it seem as if this Patrick
Taylor knows how HFG broke into the NYT web site, yet he is only
speculating and at the same time getting some publicity for ISS.

On Fri, 18 Sep 1998, mea culpa wrote:

> Hackers often break in by exploiting security vulnerabilities associated
> with default Common Gateway Interface scripts that ship with Web servers,
> according to Patrick Taylor, director of strategic marketing at Internet
> Security Systems in Atlanta. They exploit these scripts to send a string
> of long commands to cause a buffer overflow that lets them into the
> operating system. They first give themselves an account in the system and
> then stick in a backdoor Trojan horse program such as "rootkit" to gain
> and maintain root control, he said. 
> 
> "CGI scripts are intended to pass commands from the Web server to
> something in the operating system, perhaps to pull database information,"
> Taylor said. "But you should get rid of these superfluous CGI scripts and
> depend on your own custom scripts." 

And of course your own custom scripts may not have buffer overflows,
correct?

> The Times may have had a long struggle regaining control of its Web site
> because the latest Trojan horses are designed so well that they hide
> within the operating system, encrypted or even providing the same checksum
> as the legitimate operating system. 
> 
> "It's nefarious--the hacker essentially has remote administration of the
> Web server," Taylor said. "You can't rely on a backup of the machine.  You
> may have to reinstall the entire operating system." 
> 
> By coincidence, the Times had once looked at using the ISS security gear,
> but decided not to, he said. The Times declined to discuss any aspect of
> its Web operations, saying it was "a matter of security." 

"by coincidence". Heh. Nice plug. And of course ISS's security gear would
have detected a buffer overflow in my own code, which it does not know
anything about, correct?

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 
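The point Aleph One and the moderator are making (a custom CGI can carry exactly the same defect as a stock one, and a scanner that does not know the script cannot find it) is easiest to see in code. The following is an added illustration, not code from the article, from ISS, or from any real web server's CGI scripts: a hypothetical handler that copies the `name=` value of a query string into a fixed 32-byte stack buffer, shown once with the unchecked `strcpy()` the article alludes to and once with an explicit length check that rejects over-long input instead of silently truncating it. Function names, buffer size and the sample query strings are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Added example (hypothetical CGI handler, not from the article or any
   real server). Models a script that copies a query-string value into a
   fixed-size stack buffer. */

#define NAME_LEN 32

/* Unsafe pattern: strcpy() does not know how large name[] is, so a value
   longer than NAME_LEN-1 bytes writes past the end of the buffer.  This is
   the defect class the article describes; it is kept only for comparison
   and is never called by the rest of the block. */
void greet_unsafe(const char *value)
{
    char name[NAME_LEN];
    strcpy(name, value);            /* no bounds check at all */
    printf("Hello, %s\n", name);
}

/* Hardened version: find "name=" at a '&'-separated pair boundary, measure
   the value, and refuse anything that does not fit in the caller's buffer.
   Returns 0 on success, -1 if the parameter is absent, -2 if the value is
   too long. A -2 is the event a defender would log and alert on. */
int get_name_param(const char *query, char *out, size_t outlen)
{
    const char *key = "name=";
    size_t keylen = strlen(key);
    const char *p = query;

    if (query == NULL || out == NULL || outlen == 0)
        return -1;

    for (;;) {
        if (strncmp(p, key, keylen) == 0) {
            const char *v = p + keylen;
            size_t vlen = strcspn(v, "&");   /* value ends at '&' or NUL */
            if (vlen >= outlen)
                return -2;                   /* would not fit: reject, do not truncate */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = strchr(p, '&');                  /* advance to the next pair */
        if (p == NULL)
            return -1;
        p++;
    }
}

int main(void)
{
    char name[NAME_LEN];
    /* Constructed sample query strings. */
    const char *normal = "lang=en&name=alice";
    const char *oversized =
        "name=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    if (get_name_param(normal, name, sizeof name) == 0)
        printf("Hello, %s\n", name);

    /* The hardened parser turns the over-long value into a logged
       rejection instead of a memory-safety bug. */
    if (get_name_param(oversized, name, sizeof name) == -2)
        printf("rejected over-long name parameter (%zu bytes)\n",
               strlen(oversized) - strlen("name="));
    return 0;
}
```

Note that the fix is not "use a different server's scripts"; it is knowing the size of every buffer the script writes into. A network scanner that probes for known stock CGI names has no way to learn that `get_name_param()` exists, let alone which version of it the site runs, which is exactly the moderator's objection.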

-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Sat Sep 19 10:40:52 1998