Hosting Provided By

Re: /Rpc virtual directory in IIS - How did it get there?

From: Frank Knobbe <fknobbe(at)knobbeits.com>
Date: Sat Dec 07 2002 - 22:33:12 EST

On Wed, 2002-12-04 at 21:08, sjr@hushmail.com wrote:
> [...] Plus, we only allow SSL/TCP 443 traffic to it from the Internet, which generally wards off the most common IIS attacks.
> [...]

meeep .... wrong.

SSL doesn't ward off attacks. Some worms that don't use SSL may not be able to get you, but SSL does nothing for security vulnerabilities, i.e. it doesn't make you not vulnerable against Unicode et. al.

You can still run exploits over SSL and hack a box. One just needs to rig the attack scripts to use SSL, that's all. Don't think that because you are using SSL, you are secure.

Regards,
Frank

application/pgp-signature attachment: This is a digitally signed message part

Received on Mon Dec 9 12:14:52 2002

Do you need help?

This message: [ Message body ]
Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #116"
Previous message: sjr(at)hushmail.com: "Re: /Rpc virtual directory in IIS - How did it get there?"
In reply to sjr(at)hushmail.com: "/Rpc virtual directory in IIS - How did it get there?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:25 EDT