Linked by Thom Holwerda on Mon 28th Apr 2008 19:22 UTC, submitted by Hakime
Last week, The Washington Post reported that hundreds of thousands of IIS webservers were hacked. Code was placed on them that installed malware on visitors' computers. Among the infectees were websites from the UK government and the United Nations. Initial reports said the attackers used a security vulnerability in Microsoft's IIS, but the company published more information on the attacks today, and denies IIS was compromised.
Thread beginning with comment 312146
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2005-07-06
Or - at the *very* least - create a DB user with read-only permissions for the publicly-accessible portions of a web-based app (no write privs. == injection no worky).