Microsoft IIS Causes Problems for ICQ
Crackers sneak in through unsecured IIS ports
ERROR: Random File Unopenable
The file was not found on your file system. This means that it has either not been created or the path you have specified in $trrandom_file is incorrect.
ICQ Servers Cracked Through Hole In Microsoft IISby Dave Murphy
ICQ software uses the Microsoft IIS webserver, which has numerous reported security holes. "This has more holes than Swiss cheese," said Mark Read, systems security analyst for computer security company MIS Corporate Defence Solutions. "It seems that Microsoft doesn't understand the terms of bounds checking--I strongly suspect that within the next couple of weeks another hack of this system will be found."
The two vulnerabilities that were targeted were the index server buffer overflow and the remote printer overflow. Microsoft has released patches for both of these holes; however, AOL's system administrators had not followed Microsoft's recommended update procedures. (AOL owns ICQ.)
Dave's OpinionSecurity patches are released for a reason. System administrators must keep up on what's available and make sure the appropriate updates are immediately installed.
Call for CommentsWhat do you think? Leave your comments on the message center.
Previous issues are on our website at http://itrain.org/itinfo/.
International Association of Information Technology Trainers
Copyright © 2001 International Association of Information Technology Trainers, Ltd., All Rights Reserved