NIPC Warns Of E-Commerce Vulnerabilities
SueZVudu writes: "In an announcement yesterday, the National Infrastructure Protection Center said that there has been an increase in hacker activity aimed at US e-commerce sites. They're mainly exploiting three known vulnerabilities in Windows NT systems, but Unix systems have been targeted as well. Basically, they point out the holes in Microsoft's SQL system and warn that such attacks are on the rise. You can see the story here." There've been a number of stories like this lately -- not just Microsoft, but the number of attacks is continuing to rise, and some people have been talking about more CERTs regarding "super" DDOS attacks.
The NIPC is way behind the times. These exploits have been out for a while now; they are nothing new. Just because a certain amount of sites are getting hit just recently doesn't mean that extra precaution should be made now. The precautions should have been taken a long time ago. Microsoft can put out some pretty secure stuff if the gaping holes like the MDAC vulnerability are closed. They forgot an even bigger IIS vulnerability as well. The new UNICODE vulnerability affects IIS 4.0 and IIS 5.0. It's the easiest vulnerability that I have seen yet. http://target/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir. Sorry to come off strong, but if people would just pay attention to the resources out there like www.securityfocus.com then articles like these wouldn't be so common.......dick
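The `%c0%af` in the request quoted above is a two-byte (overlong) UTF-8 encoding of "/", which a strict UTF-8 decoder rejects. As an added example that is not part of the original comment, this Python check flags overlong forms in request lines; the function names and the sample log lines are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

def overlong_sequences(raw: bytes):
    """Return (offset, bytes, code point) for each overlong UTF-8 sequence."""
    hits, i = [], 0
    while i < len(raw):
        lead = raw[i]
        if 0xC0 <= lead <= 0xDF:
            length, cp, minimum = 2, lead & 0x1F, 0x80
        elif 0xE0 <= lead <= 0xEF:
            length, cp, minimum = 3, lead & 0x0F, 0x800
        elif 0xF0 <= lead <= 0xF7:
            length, cp, minimum = 4, lead & 0x07, 0x10000
        else:
            i += 1  # ASCII, stray continuation byte, or invalid lead
            continue
        tail = raw[i + 1:i + length]
        if len(tail) != length - 1 or any((b & 0xC0) != 0x80 for b in tail):
            i += 1  # truncated or malformed sequence: skip the lead byte
            continue
        for b in tail:
            cp = (cp << 6) | (b & 0x3F)
        if cp < minimum:  # value would have fit in a shorter encoding
            hits.append((i, raw[i:i + length], cp))
        i += length
    return hits

# Constructed sample request lines (not real traffic); 192.0.2.0/24 is a
# documentation address range.
SAMPLE_LOG = [
    "192.0.2.10 GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir",
    "192.0.2.11 GET /docs/caf%c3%a9.html",      # legitimate UTF-8 (e-acute)
    "192.0.2.12 GET /scripts/..%e0%80%af../x",  # three-byte overlong "/"
    "192.0.2.13 GET /scripts/..%c1%9c../x",     # two-byte overlong "\"
    "192.0.2.14 GET /index.html",
]

def flag_requests(lines):
    """Return (line number, hidden characters) for lines with overlong forms."""
    flagged = []
    for number, line in enumerate(lines, start=1):
        hits = overlong_sequences(unquote_to_bytes(line))
        if hits:
            flagged.append((number, "".join(chr(cp) for _, _, cp in hits)))
    return flagged

if __name__ == "__main__":
    for number, hidden in flag_requests(SAMPLE_LOG):
        print(f"line {number}: overlong UTF-8 hides {hidden!r}")
```

The check decodes one layer of percent-encoding only, so double-encoded input would need a second pass.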
Hear me out on this one.
The industry has been so cheapened by the fact that any yahoo that can read a book can pass an MCSE exam and get a 70k/yr job doing admin work on so-called "high-end" NT servers. When in reality this is like sending a kid who just got his driver's license at 16 to run the Indy 500. No driver's license or MCSE certificate can substitute for real world experience at the helm.
And that comes out over time when you have inexperienced people out there. Common, fairly simple bugs and holes which come about through the normal life of software become more serious when you don't have people with experience to handle them properly and do simple things like, say, remove the default configuration on software that is wide open like wu-ftpd and IIS. (Not to pick on any OS in particular, there.)
I think the NIPC warning just signifies from them what most of us (/.'ers and the like) have known for quite some time, that vulnerabilities are more serious when you don't have qualified people to take care of them.
"See, we plan ahead! That way, we never have to do anything now."