[Dailydave] .Net Nuke, Padding Oracles, etc.

From: dave (daveimmunityinc.com)
Date: Mon Oct 04 2010 - 15:53:01 CDT


So the dotnetnuke site is down. Someone scarfed their web.config and then owned them,
and recovering is taking a while.

But this is true for very large parts of the internet now. There's nothing special
about .NetNuke. If someone grabs your web.config (or random other files on your web
server) then you are usually going to shortly be running shell.aspx - and after that,
some sort of nice kernel rootkit.

It's your basic massive break-the-internet nightmare, that Microsoft has avoided for
many years since Code Red and the rest of the big worms ran rampant on IIS. It's
interesting that this time around it's not a buffer overflow.

-dave
