OSEC

From: Adam Shephard (adam.shephardfirstfederalbanking.com)
Date: Tue Oct 09 2001 - 14:59:14 CDT

    >if admins had disabled the ida/idq script mappings in
    >IIS, they wouldn't have been vulnerable to Code Red,
    >regardless of whether they had the patch installed or not.

    Well, but wait a second. Had the script mappings not been enabled in the
    first place, the admins wouldn't be faced with the task of having to disable
    them. This speaks to the entire way MS does business.

    Security should be the base. Ultra-security should be the goal. MS always
    starts you out from a base of insecurity and then tells YOU how to fix
    problems one at a time, once somebody raises a stink about the problems.

    Now they're going to tell you, "Hey, don't worry about firewalling. We're
    going to build a firewall right into your OS." This from the same people who
    enabled ida/idq script mappings in IIS.