Consumer web site

 
 
peterwn
Guest
Posts: n/a
 
      07-11-2008
www.consumer.org.nz was infected by a worm last weekend and it could
have infected others. They pulled the site and replaced it with a
temporary site pending security checks etc.

I suppose they were running Windows on the web server, or it was a
very skilled attack.
 
EMB
Guest
Posts: n/a
 
      07-11-2008
peterwn wrote:
> www.consumer.org.nz was infected by a worm last weekend and it could
> have infected others. They pulled the site and replaced it with a
> temporary site pending security checks etc.
>
> I suppose they were running Windows on the web server, or it was a
> very skilled attack.


IIS 5.0
 
peterwn
Guest
Posts: n/a
 
      07-11-2008
On Jul 11, 10:15 pm, EMB <(E-Mail Removed)> wrote:
> peterwn wrote:
> > www.consumer.org.nz was infected by a worm last weekend and it could
> > have infected others. They pulled the site and replaced it with a
> > temporary site pending security checks etc.
> >
> > I suppose they were running Windows on the web server, or it was a
> > very skilled attack.
>
> IIS 5.0


(sigh) Thanks - it makes one weep - why cannot they see the LAMP.

 
 
Tony
Guest
Posts: n/a
 
      07-11-2008
> I have seen s loads of sites that were vulnerable to php exploits.
> and injection attacks are very common on MySQL. My advice...
> Use whatever technology you have most expertise in but build into
> your cost model frequent patching and regular scans of both
> infrastructure and applications.


Absolutely, ANY system not maintained is venerable.
 
 
peterwn
Guest
Posts: n/a
 
      07-12-2008
On Jul 12, 11:13 am, Tony <(E-Mail Removed)> wrote:
> > I have seen s loads of sites that were vulnerable to php exploits.
> > and injection attacks are very common on MySQL. My advice...
> > Use whatever technology you have most expertise in but build into
> > your cost model frequent patching and regular scans of both
> > infrastructure and applications.
>
> Absolutely, ANY system not maintained is venerable.


The site would not use php, it would use asp. Moreover indications
are that it was an automated attack and compromised the Windows kernel
as distinct from a php type, injection, etc attack.
Agreed that LAMP stacks are vulnerable to php or cgi.bin or injection
attacks but these AFAIK cannot be readily automated (compared with
attacks on Windows) and even if such an attack is successful, a second
'root' attack is needed to completely hijack the machine.

Regardless of circumstances, this attack would be causing the
Consumers Institute grave embarrassment, significant cost and loss of
goodwill. The 'powerswitch' site is also affected. It is rare indeed
that people end up with 'infected' computers when visiting reputable
web sites.

The risk cost of such attacks including cleanups etc is not factored
into the TCO studies that Microsoft friendly consultants bandy around
or that Microsoft salespeople discuss with CEOs, directors etc on golf
courses or in gentlemen's clubs - I mean the sort of salespeople who
find it easier to contact a company CEO than the company's IT manager
can contact the CEO.
 
 
Gordon
Guest
Posts: n/a
 
      07-12-2008
On 2008-07-11, Tony <tonysusenetemailaddress.removethisbit> wrote:
>> I have seen s loads of sites that were vulnerable to php exploits.
>> and injection attacks are very common on MySQL. My advice...
>> Use whatever technology you have most expertise in but build into
>> your cost model frequent patching and regular scans of both
>> infrastructure and applications.
>
> Absolutely, ANY system not maintained is venerable.


Any syste
 
 
Tony
Guest
Posts: n/a
 
      07-12-2008
ChrisOD wrote:
> On 2008-07-11, Tony <tonysusenetemailaddress.removethisbit> wrote:
>>> I have seen s loads of sites that were vulnerable to php exploits.
>>> and injection attacks are very common on MySQL. My advice...
>>> Use whatever technology you have most expertise in but build into
>>> your cost model frequent patching and regular scans of both
>>> infrastructure and applications.
>>
>> Absolutely, ANY system not maintained is venerable.
>
> No Tony even relatively young systems can be vulnerable
> 'tis you and I that are venerable


Hmm, should have looked closer at the spell check on that one !
 