[ISN] Australian e-commerce sites insecure: paper

From: InfoSec News (isnat_private)
Date: Tue Apr 17 2001 - 22:56:59 PDT


    http://it.mycareer.com.au/breaking/20010417/A36944-2001Apr17.html
    
    Tuesday, April 17, 2001, 15:17
    By BARRY PARK, FAIRFAX IT
    
    More than 70 per cent of Australian e-commerce websites running
    Microsoft's Internet Information Server software are open to
    compromise, a paper presented to an online magazine has suggested.
    
    An article in the latest edition of Australian hacker magazine
    Infosurge and written by a hacker known as black-hand said some quick
    scans of Australian e-commerce servers using an IIS backend showed
    that over 70 per cent of e-commerce Web servers ... had security holes
    that would allow full compromise of data.
    
    "In another result, I rounded up every bank in Australia running IIS
    and found that over 50 per cent of these were vulnerable, allowing
    reading of any file on the system," black-hand wrote.
    
    The e-commerce sites that were found to have security holes include
    some very large names in terms of Australian-based e-commerce
    operations.
    
    The article says many of the vulnerable websites would often have
    their front end servers relatively patched while backend servers were
    left wide open.
    
    Quite often these other servers are handling a lot of the work, and
    for some reason are overlooked when it comes to updates and patches.
    
    "With the amount of servers out there that are vulnerable to such
    easy-to-exploit holes, I can only be surprised that there isn't a lot
    more public news about intrusions or disclosures of information," the
    article warns.
    
    The article, titled "IIS Security", shows a number of common exploits
    crackers use to gain access to a vulnerable system.
    
    ISN is hosted by SecurityFocus.com
    


