Latest News Stories:

• NORAD Intelligence Blackout
• Y2k -- You´re Okay
• Amiga Sold
• OSAll Plans
• The Belgians Need Our Help
• Back from Vacation
• Standards in Compsec
• NSA FOIA Request
• Happy Birthday Attrition
• More News...

Only $31.95

New Methodology:

• AS/400 Security
• Is YOUR Network Secure?
• Case Study: Stupidity of Sys Admins
• Solaris Auditing Overview
• Understanding NetBIOS
• Checking For RPC
• Sniffing FAQ
• More Soon...

Product Reviews

OSAll is starting to do weekly product reviews, to be published every single Friday.  Check out software, book and hardware reviews.

 Check it out!

Front | Methods | BBS | FAQ | Adverts | Mail | Write | Link | Shop

"Y2k, all hype, all the time."

Why the Delay?

Hologram
OSAll Staff

It´s been more than a week since eEye released an open-source exploit for use against Microsoft Internet Information Server, or IIS.  IIS is, of course, the Web serving program which runs on 90% of the Windows NT servers on the Web.

The source code was made public, along with a detailed description of how the exploit worked.  Unlike the earlier release of a similar Cold Fusion bug, however, a spout of Web defacements using the hole have not followed.

The bug, which is exploited with a simple buffer overflow trojan combination, is relatively straight-forward.  The current word on IRC is, however, that the average script kiddie has had difficulty compiling the exploit.

The speculation continues that defacements using the IIS hole will begin shortly, once the average script kiddie becomes accustomed with the code.

Don´t forget to discuss this issue on the OSAll BBSystem!

All content copyright 1998 - 99 unless book covers or otherwise noted.  Book covers copyright 1998 - 99 Amazon.com.  All OSAll-owned content may be reprinted with the following header added: "Copyright 1998 - 99 Owl Services.  Visit aviary-mag.com for computer security news and information."  Article authors retain a non-exclusive right to republish their work.   324