ITrain Homepage

Site Directory
Membership
Train-the-Trainer
Trainer Certification
Certified Training Materials
ITinfo E-zine
Responsible Training
White Papers
Trainer Resources
What's New
Speaking Engagements
Onsite Training
ITrain Gear



Popular Links
Speaking Engagements
Training Manuals
Certification
Train the Trainer
The Training Book
Technical Writing
Privacy Policy

Print this document

Google
Web ITrain.org

Microsoft IIS Causes Problems for ICQ

Crackers sneak in through unsecured IIS ports

ITinfo Sponsor

ERROR: Random File Unopenable

ERROR: Random File Unopenable

The random file, as specified in the $random_file perl variable was unopenable.

The file was not found on your file system. This means that it has either not been created or the path you have specified in $trrandom_file is incorrect.

ICQ Servers Cracked Through Hole In Microsoft IIS

by Dave Murphy
ISSN 1535-3613

Dave Murphy, ITrain founder AOL's ICQ servers were cracked this week for the second time this year. The cracking group Innocent Boys defaced the ICQ homepage and the group Men in Hack defaced the community page.

ICQ software uses the Microsoft IIS webserver, which has numerous reported security holes. "This has more holes than Swiss cheese," said Mark Read, systems security analyst for computer security company MIS Corporate Defence Solutions. "It seems that Microsoft doesn't understand the terms of bounds checking--I strongly suspect that within the next couple of weeks another hack of this system will be found."

The two vulnerabilities that were targeted were the index server buffer overflow and the remote printer overflow. Microsoft has released patches for both of these holes; however, AOL's system administrators had not followed Microsoft's recommended update procedures. (AOL owns ICQ.)

Dave's Opinion

Security patches are released for a reason. System administrators must keep up on what's available and make sure the appropriate updates are immediately installed.

Call for Comments

What do you think? Leave your comments on the message center.

References

ICQ
Microsoft
AOL
Message Center

Subscribe to ITinfo.
Receive computing and Internet news & tips
by subscribing to the ITinfo information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Previous issues are on our website at http://itrain.org/itinfo/.

International Association of Information Technology Trainers
PMB 616
6030-M Marshalee Dr
Elkridge, MD 21075-5987

410.567.5366
1.888.290.6200
fax: 801.650.0423
Membership Director: member@itrain.org

Return to ITrain Homepage

Copyright © 2001 International Association of Information Technology Trainers, Ltd., All Rights Reserved

http://itrain.org/itinfo/2001/it010630.html
updated June 30, 2001