Re: /Rpc virtual directory in IIS - How did it get there?

From: Frank Knobbe (fknobbe@knobbeits.com)
Date: 12/08/02

    From: Frank Knobbe <fknobbe@knobbeits.com>
    To: sjr@hushmail.com
    Date: 07 Dec 2002 21:33:12 -0600
    

    On Wed, 2002-12-04 at 21:08, sjr@hushmail.com wrote:
    > [...] Plus, we only allow SSL/TCP 443 traffic to it from the Internet, which generally wards off the most common IIS attacks.
    > [...]

    meeep .... wrong.

    SSL doesn't ward off attacks. Some worms that don't use SSL may not be
    able to get you, but SSL does nothing for security vulnerabilities, i.e.
    it doesn't make you not vulnerable against Unicode et al.

    You can still run exploits over SSL and hack a box. One just needs to
    rig the attack scripts to use SSL, that's all. Don't think that because
    you are using SSL, you are secure.

    Regards,
    Frank
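
An added example, not part of the original message: the same overlong-UTF-8 ("Unicode") request reaches the web server whether it arrives on port 80 or inside SSL on 443, so the check has to run where the request is already decrypted, for instance over the server's own logs. The log layout, sample lines, and function names are constructed for illustration, and the sketch assumes the log records the raw percent-encoded URI.

```python
from urllib.parse import unquote_to_bytes

# Constructed sample lines. Assumed field order:
# date time c-ip cs-method cs-uri-stem s-port sc-status
SAMPLE_LOG = """\
2002-12-07 21:30:01 192.0.2.10 GET /default.htm 80 200
2002-12-07 21:30:05 192.0.2.11 GET /scripts/..%c0%af../probe.txt 80 404
2002-12-07 21:31:12 192.0.2.12 GET /owa/logon.asp 443 200
2002-12-07 21:31:40 192.0.2.13 GET /scripts/..%c0%af../probe.txt 443 404
2002-12-07 21:32:02 192.0.2.14 GET /docs/r%C3%A9sum%C3%A9.htm 443 200
"""


def has_overlong_utf8(raw: bytes) -> bool:
    """True if raw contains a non-shortest-form (overlong) UTF-8 sequence."""
    for i, b in enumerate(raw):
        nxt = raw[i + 1] if i + 1 < len(raw) else 0
        if b in (0xC0, 0xC1):                 # 2-byte form of an ASCII character
            return True
        if b == 0xE0 and 0x80 <= nxt < 0xA0:  # 3-byte form of a code point < U+0800
            return True
        if b == 0xF0 and 0x80 <= nxt < 0x90:  # 4-byte form of a code point < U+10000
            return True
    return False


def suspicious_requests(log_text: str):
    """Return (port, uri) for every logged request with an overlong encoding."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip blank or malformed lines
        uri, port = fields[4], int(fields[5])
        if has_overlong_utf8(unquote_to_bytes(uri)):
            hits.append((port, uri))
    return hits


if __name__ == "__main__":
    for port, uri in suspicious_requests(SAMPLE_LOG):
        print(f"port {port}: {uri}")
```

The legitimately encoded `r%C3%A9sum%C3%A9.htm` request is not flagged, while the malformed URI is flagged on both ports.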

    
    



