home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacks & Cracks
/
Hacks_and_Cracks.iso
/
hackersclub
/
km
/
news
/
1996
/
aug
/
hack8.txt
< prev
Wrap
Text File
|
1998-03-25
|
2KB
|
49 lines
Hacker Alert Sounded:
By Nick Wingfield
August 8, 1996, 5:45 p.m. PT
A newsletter devoted to bug reports sparked a
hacker scare today by reporting that Microsoft's
Web servers are vulnerable to attacks, but
company officials downplayed the threat because
the security problem is a rare one that results from
improper server configuration.
BugNet reported that two Microsoft Web
servers--the FrontPage Personal Web Server and
Internet Information Server--contain holes that
could make them insecure, including a breach that
would make it possible for hackers to reformat
server hard drives.
The report by BugNet warns users against
configuring the Microsoft servers in a way that
could open those holes. That, however, could
happen only if Web administrators do something
they're not supposed to do: putting a Perl
interpreter and scripts--software that is often used
to connect Web servers to databases--in a Web
server's "cgi-bin" directory.
If an administrator makes this mistake and this gets
discovered by a hacker, that person could run a
program available on the Net called Latro and
open the door for malicious Net surfers to execute
potentially damaging commands on the server.
Microsoft officials pointed out that this problem is
true of all Windows Web servers, not just theirs.
They also asserted that the vast majority of
Webmasters know that this server set-up is a
no-no. "This is not a bug," declared Mike Angiulo,
program manager at Microsoft.
Still, the Computer Emergency Response Team
issued a more general alert May 29 that did not
mention any specific companies but warned
against setting up Web servers with Perl programs
in the wrong directories.
Copyright ⌐ 1996 CNET Inc. All rights reserved.