Re: /Rpc virtual directory in IIS - How did it get there?
From: Frank Knobbe (fknobbe@knobbeits.com)
Date: 12/08/02
- Previous message: sjr@hushmail.com: "Re: /Rpc virtual directory in IIS - How did it get there?"
- In reply to: sjr@hushmail.com: "/Rpc virtual directory in IIS - How did it get there?"
- Next in thread: Ogle Ron (Rennes): "FW: /Rpc virtual directory in IIS - How did it get there?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Frank Knobbe <fknobbe@knobbeits.com> To: sjr@hushmail.com Date: 07 Dec 2002 21:33:12 -0600
On Wed, 2002-12-04 at 21:08, sjr@hushmail.com wrote:
> [...] Plus, we only allow SSL/TCP 443 traffic to it from the Internet, which generally wards off the most common IIS attacks.
> [...]
meeep .... wrong.
SSL doesn't ward off attacks. Some worms that don't use SSL may not be
able to get you, but SSL does nothing for security vulnerabilities, i.e.
it doesn't make you not vulnerable against Unicode et. al.
You can still run exploits over SSL and hack a box. One just needs to
rig the attack scripts to use SSL, that's all. Don't think that because
you are using SSL, you are secure.
Regards,
Frank
- application/pgp-signature attachment: This is a digitally signed message part
- Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #116"
- Previous message: sjr@hushmail.com: "Re: /Rpc virtual directory in IIS - How did it get there?"
- In reply to: sjr@hushmail.com: "/Rpc virtual directory in IIS - How did it get there?"
- Next in thread: Ogle Ron (Rennes): "FW: /Rpc virtual directory in IIS - How did it get there?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
