| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: pauls at utdallas.edu (Paul Schmehl) Subject: Unusual request On Thu, 2003-02-13 at 07:58, Rapaille Max wrote: > Hi, > > I did this kind of demo 2-3 times already, with a Win2k SP2 and IIS. > To add a layer, we just added a firewall between the ISS and the attacker PC .. with just Port 80 incoming and, as (too)usual, All port open for outgoing... Just using a unicode exploit, and then loading some tools, defacing web page, taking remote control, etc... A lot of fun for Us, and great astonishment for the public.. Certainly with the firewall.. A lot of them where just saying, before the demo : We are secure, our integrator installed a firewall... > BTW, we also used some tools ike unicoder.pl and Upload.asp, to demonstrate, in a second time, how easy it is, even if you don't know what you do... > > Good effect of awareness for those managers, Engineer, etc... That's precisely what I have in mind. -- Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/~pauls/ AVIEN Founding Member
Powered by blists - more mailing lists