Is someone trying to give NT a bad name to slow down its
unbelievable acceptance as an application server? That's what this sounds
like to me, and what about a CERN server running on NT? Does CERN even run
on NT? I know there are https servers for NT that are based on CERN, but
CERN ????
>Rich,
>
>Let me admit up front that I am highly skeptical that an NT server could
>be "compromised" in the manner you describe. However, as the
>administrator of four Web sites, all running NT server, I feel it would
>be irresponsible for me to dismiss your claim without further
>investigation. We all know that UNIX is full of holes which are
>regularly breached by 'wily hackers' from time to time. Indeed, the
>last time I looked at the security problems detected by the good folks at
>Carnegie-Mellon, all such problems related to UNIX servers.
>
>So at the risk of being totally embarrassed by my ignorance or blind
>faith in Microsoft's propaganda, I would greatly appreciate your
>providing me with some documentation of this successful breach of NT's
>security. As far as I know, the only way this could happen is if one of
>the NT administrators did something incredibly dumb -- like exposing his
>password to the whole world via FTP, or RASing in with no encryption
>required, etc. If I'm wrong, I will be embarrassed but will learn an
>extremely valuable lesson ... :-(
>
>Regards,
>Roy B.
>
>On Sun, 17 Sep 1995, Rich wrote:
>
>> Thought I would throw this out for a bit of discussion...
>>
>> Recently, a friend of mine who runs an IAP/ISP company (about 600 customers
>> so far) was 'compromised' on an NT server for his home page. (I did NOT set
>> up his security/firewall, otherwise this would not have happened :-) )
>>
>> At any rate, the gist of it was his home page was "altered" through a hole in
>> the CERN server which ran on the outside. What was altered?? The prices for
>> access to his services!!!!!
>>
>> This might have gone on "undetected" for quite some time, however, he had to
>> make a change to the page due to an AREA code change (sometimes the phone
>> company can provide a real use) and he pulled the old one up to edit. He then
>> noticed that the prices had been increased by $20-30 per month for dialup access
>> and by almost $50 for ISDN and I won't even mention the leased line prices, but
>> they were HIGH!
>>
>> What are the odds that the author checks all his/her pages often enough to catch
>> something like this, and this brings to light a question....
>>
>> How can you protect yourself from "altered" information? I mean what if someone
>> had changed his page to load pornographic images or slanderous comments? Who is
>> responsible? A tough call I know.
>>
>> I am now checking my home pages at least weekly! (ALL OF THEM!)
>> cheers....
>> Rich Fitzgerald
>>
>> p.s. the hole in the CERN server is now plugged... (we hope)
>> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>> ** Remember -- Life is NOT a dress rehearsal!
>> (nor is it a small furry animal with funny feet and floppy ears...)
>>
>>
>
>