Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

security warning for ASP driven web sites

  • 16-08-2000 3:37pm
    #1
    Bard
    Registered Users, Registered Users 2 Posts: 12,309 ✭✭✭✭


    got this as part of a report from aspynews.com. thought it may be of interest.... anyone?

    ********************************************************
    WE CAN SEE YOUR GLOBAL.ASA and .ASP FILES
    WHETHER YOU LIKE IT OR NOT!

    A very kind soul Daniel Doèekal <ddoc@mia.cz> wrote me with the contents of my global.asa and suggested I should patch my server. He seemed to think the "TRANSLATE F" bug was a well-known bug. By the end of the day we were both surprised to find 90% of the ASP sites in the world vulnerable.

    Read: http://www.learnasp.com/learn/translatef.asp
    and use the script there to check if your global.asa or asp scripts are compromised.
    That article will point you to a great 4guys article where they summarized all the research and the hot-fix URL.

    He wrote a brilliant script that checks FOR the past security glitches (For example HTW, $DATA, etc.) I recommend trying @ http://security.namodro.cz/urlcheck.asp?lang=en
    to see if your servers have not been patched against earlier bugs.

    If you want to discuss cutting-edge ASP security issues join: http://www.asplists.com/aspsecurity

    *****************************************************************


    Bard
    |home page


Comments

  • #2
    spod
    Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    that's what you get for installing frontpage server extensions on a production server, or running win2k without sp1...


  • #3
    sam
    Users Awaiting Email Confirmation Posts: 285 ✭✭sam


    thats what you get for trusting microsoft 'security'


  • #4
    spod
    Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    What, as if most unices are secure out of the box, or vms for that matter?

    Microsoft servers can be well secured. Even in an internet environment.

    It requires *alot* of dilligence but it's possible.

    NT as an os has a far better design from a security pov then Unix.

    Implementation tends to leave certain things lacking especially when things like wsh or rds are bolted onto the os, and require alot of work to make up for these problems.

    Just because alot of NT admins are clueless doesn't mean you should bash nt itself.


  • #5
    sam
    Users Awaiting Email Confirmation Posts: 285 ✭✭sam


    i dont agree,
    NT has a far worse history of 'exploits', especially admin access if you have a login, or denial of service attacks

    as for design, how is nt's design more secure than unix's?

    a lot of unix admins are fairly clueless as well, maybe not as clueless as the average nt admin, but youd be surprised.. and
    even with "good" adminning, i still wouldnt say an nt box is "secure" in general.. microsoft have a history of only fixing exploits when everyone and their dog knows about it

    im not talking about out of the box installs, because that totally depends what distribution of unix-based os you are using.. some are ****, some are good


Advertisement