After the story broke on Sunday morning, Zone-H contacted the cracker / defacer for more details about the defacement. Here is the write-up by MW.
It would appear that the defacer used a 0-day in a .net nuke script to gain enough access to the server to upload the new website. So, it sounds like it wasn't caused by a new IIS 6.0 0-day.
However, this does illustrate a very good security point. Every open port or installed piece of software is an attack point. It doesn't matter if you are running Linux, FreeBSD, OS X or even Windows 2003 server.
The server may be secured up the ying-yang, but if you install a vulnerable application on top of it... you are toast - no really... Maillard reaction even...
Defense in depth - it isn't just a new catchy security buzzword, it saves your ying-yang.