http://it.mycareer.com.au/breaking/20010417/A36944-2001Apr17.html

Tuesday, April 17, 2001, 15:17

By BARRY PARK, FAIRFAX IT

More than 70 per cent of Australian e-commerce websites running Microsoft's Internet Information Server software are open to compromise, a paper presented to an online magazine has suggested.

An article in the latest edition of Australian hacker magazine Infosurge and written by a hacker known as black-hand said some quick scans of Australian e-commerce servers using an IIS backend showed that over 70 per cent of e-commerce Web servers ... had security holes that would allow full compromise of data.

"In another result, I rounded up every bank in Australia running IIS and found that over 50 per cent of these were vulnerable, allowing reading of any file on the system," black-hand wrote.

The e-commerce sites that were found to have security holes include some very large names in terms of Australian-based e-commerce operations.

The article says many of the vulnerable websites would often have their front end servers relatively patched while backend servers were left wide open.

Quite often these other servers are handling a lot of the work, and for some reason are overlooked when it comes to updates and patches.

"With the amount of servers out there that are vulnerable to such easy-to-exploit holes, I can only be surprised that there isn't a lot more public news about intrusions or disclosures of information," the article warns.

The article, titled "IIS Security", shows a number of common exploits crackers use to gain access to a vulnerable system.