«

www.consumer.org.nz was infected by a worm last weekend and it could
have infected others. They pulled the site and replaced it with a
temporary site pending security checks etc.

I suppose they were running Windows on the web server, or it was a
very skilled attack.

peterwn wrote:
> www.consumer.org.nz was infected by a worm last weekend and it could
> have infected others. They pulled the site and replaced it with a
> temporary site pending security checks etc.
>
> I suppose they were running Windows on the web server, or it was a
> very skilled attack.

IIS 5.0

On Jul 11, 10:15 pm, EMB <emb...@gmail.com> wrote:
> peterwn wrote:
> >www.consumer.org.nzwas infected by a worm last weekend and it could
> > have infected others. They pulled the site and replaced it with a
> > temporary site pending security checks etc.
>
> > I suppose they were running Windows on the web server, or it was a
> > very skilled attack.
>
> IIS 5.0

(sigh) Thanks - it makes one weep - why cannot they see the LAMP.

> I have seen s loads of sites that were vulnerable to php exploits.
> and injection attackes are very common on MySQL. My advice...
> Use whatever technology you have most expertise in but build into
> your cost model frequent patching and regular scans of both
> infrastructure and applications.

Absolutely, ANY system not maintained is venerable.

On Jul 12, 11:13 am, Tony
<tonysusenetemailaddress.removethisb...@tonyw.co m> wrote:
> > I have seen s loads of sites that were vulnerable to php exploits.
> > and injection attackes are very common on MySQL. My advice...
> > Use whatever technology you have most expertise in but build into
> > your cost model frequent patching and regular scans of both
> > infrastructure and applications.
>
> Absolutely, ANY system not maintained is venerable.

The site would not use php, it would use asp. Moreover indications
are that it was an automated attack and compromised the Windows kernel
as distinct from a php type, injection, etc attack.
Agreed that LAMP stacks are vulnerable to php or cgi.bin or injection
attacks but these AFAIK cannot be readily automated (compared with
attacks on Windows) and even if such an attack is successful, a second
'root' attack is needed to completely hijack the machine.

Regardless of circumstances, this attack would be causing the
Consumers Institute grave embarassment, significant cost and loss of
goodwill. The 'powerswitch' site is also affected. It is rare indeed
that people end up with 'infected' computers when visiting reputable
web sites.

The risk cost of such attacks including cleanups etc is not factored
into the TCO studies that Microsoft friendly consultants bandy around
or that Microsoft salespeople dicuss with CEO's, directors etc on golf
courses or in gentlemens clubs - I mean the sort of salespeople who
find it easier to contact a company CEO than the company's IT manager
can contact the CEO.

On 2008-07-11, Tony <tonysusenetemailaddress.removethisbit> wrote:
>> I have seen s loads of sites that were vulnerable to php exploits.
>> and injection attackes are very common on MySQL. My advice...
>> Use whatever technology you have most expertise in but build into
>> your cost model frequent patching and regular scans of both
>> infrastructure and applications.
>
> Absolutely, ANY system not maintained is venerable.

Any syste

ChrisOD wrote:
> On 2008-07-11, Tony <tonysusenetemailaddress.removethisbit> wrote:
>>> I have seen s loads of sites that were vulnerable to php exploits.
>>> and injection attackes are very common on MySQL. My advice...
>>> Use whatever technology you have most expertise in but build into
>>> your cost model frequent patching and regular scans of both
>>> infrastructure and applications.
>> Absolutely, ANY system not maintained is venerable.
> No Tony even relatively young systems can be vulnerable
> 'tis you and I that are venerable
>

Hmm, should have looked closer at the spell check on that one !