[iwar] [fc:Survey.reveals.one.in.nine.IIS.servers.could.be.taken.over.by.hackers]

From: Fred Cohen (fc@all.net)
Date: 2001-11-06 16:17:27


Return-Path: <sentto-279987-3795-1005092243-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 06 Nov 2001 16:18:07 -0800 (PST)
Received: (qmail 22407 invoked by uid 510); 7 Nov 2001 00:16:27 -0000
Received: from n23.groups.yahoo.com (216.115.96.73) by 204.181.12.215 with SMTP; 7 Nov 2001 00:16:27 -0000
X-eGroups-Return: sentto-279987-3795-1005092243-fc=all.net@returns.groups.yahoo.com
Received: from [10.1.4.53] by n23.groups.yahoo.com with NNFMP; 07 Nov 2001 00:17:24 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_0_1); 7 Nov 2001 00:17:23 -0000
Received: (qmail 46707 invoked from network); 7 Nov 2001 00:17:23 -0000
Received: from unknown (216.115.97.171) by m9.grp.snv.yahoo.com with QMQP; 7 Nov 2001 00:17:23 -0000
Received: from unknown (HELO red.all.net) (65.0.156.78) by mta3.grp.snv.yahoo.com with SMTP; 7 Nov 2001 00:17:23 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id fA70HRp17997 for iwar@onelist.com; Tue, 6 Nov 2001 16:17:27 -0800
Message-Id: <200111070017.fA70HRp17997@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 6 Nov 2001 16:17:27 -0800 (PST)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Survey.reveals.one.in.nine.IIS.servers.could.be.taken.over.by.hackers]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Survey reveals one in nine IIS servers could be taken over by hackers 
By Sam Costello, InfoWorld, 11/5/2001
<a href="http://www.infoworld.com/articles/hn/xml/01/11/02/011102hnsurvey.xml">http://www.infoworld.com/articles/hn/xml/01/11/02/011102hnsurvey.xml>

ONE IN NINE servers running Microsoft's IIS (Internet Information
Services) has software installed on it that would allow attackers to
take complete control of the system, according to a new survey by Web
server information firm Netcraft.

The survey, conducted last month, found that 11 percent of all queried
servers running IIS have the "root.exe" hacking program installed on
them. That figure is up from the 8.5 percent found in September.

Netcraft, based in Bath, England, sends a monthly automated query to
servers to discover information such as what software runs the server,
what average server uptime is, and what security flaws are present in
servers.

The October survey drew data from 33.1 million Web sites.

IIS security has come under particular scrutiny in recent months, as at
least half a dozen serious security flaws in IIS have been discovered
since January and two major Internet worms, Code Red and Nimda, have
exploited those flaws to infect hundreds of thousands of IIS systems
worldwide.

Although patches have been issued for all those security holes, not all
vulnerable systems have had the patches applied, so both worms were able
to cause substantial inconvenience and even forced some companies
offline.

A new Nimda worm appeared Tuesday, exploiting the same flaws as the
first Nimda, which had evidently not been patched on many servers.

The presence of four other IIS security flaws rose from September to
October, the survey found.

The "Administration pages accessible" hole was present on 25 percent of
machines, up from 17 percent in September; the "Sample pages and
scripts" problem jumped from 17 percent to 26 percent of systems; the
"Server paths revealed" flaw was found on 10 percent of systems, up from
8.5 percent; and 2.5 percent of systems were vulnerable to the Code Red
worm, up from zero the month before.

The survey also found that a number of Web sites had moved from using
IIS to competitor's products.

Over the course of the month, more than 1,500 sites moved from IIS to
Zeus Technology's Web server and more than 1,700 moved to Netscape
Communications' server. Open-source server Apache also gained
substantial share, Netcraft said.

Netcraft also noted that a number of vendors offered promotions and
discounts to entice IIS users to their products.

Sam Costello is a Boston-based correspondent for the IDG News Service,
an InfoWorld affiliate.

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Universal Inkjet Refill Kit $29.95
Refill any ink cartridge for less!
Includes black and color ink.
http://us.click.yahoo.com/XwUZwC/MkNDAA/ySSFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST