The aim of the fundies and the Taliban is the same: reduce the society to a "paradise" of religious fundamentalism, restoring the cultural enlightenment and ideas of 7 BCE.
If that happens in the States, then the seats of learning, innovation, and production will long have moved to a more welcoming country, leaving the US, er, Jebusland, to its own devices with its well-deserved Caviar Tastes and Cat Food budget.
What makes IIS inherently more difficult to secure than Apache or any other web server?
It comes out of the box with all manner of unnecessary things turned on.
It uses OS-level functions and system calls ("tightly integrated"), so when you hack IIS, you pwn the box, too.
Apache requires you to read the documentation and crack the httpd.conf with a text editor in order to change stuff. This ensures that you are at least one evolutionary level above blind, one-armed chimp, which is the only required level to use the mouse and click-click-click on the Internets MMC configurator for IIS. At a minimum, Apache web admins are *slightly* more talented than IIS admins (unfortunately, there are lots of stupid admins out there, no matter the flavor).
It was never written for security first, but rather just doing stupid monkey tricks with IE, serving static HTML and (shudder) running VB COM objects as CGIs...
Weee, another publicity-drenched waste of time on Hack IIS6 Contest · Score: 4, Insightful
Someone should've hit the progenitors of this little "contest" upside
the head with the Garfinkle book before they decided to go ahead with it.
If said book had impacted the morans' cranium, they would've realized
that such contests are useless for determining a
system's hardness. Or they'd be dead. End results are about the same.
So, let us review the possible results:
- The box is hacked. Oh man, it is pwned! Guess the system wasn't so strong after all.
- (more likely) The system isn't hacked.
Does the latter scenario PROVE that the system is
hacker-proof? Is it? Nope, sorry, it isn't.
To prove that a system is unhackable, I have to demonstrate that in
every case the security will not fail. If you have a
random testing plan (i.e., a "contest"), then you'll never be sure you
touched all the scenarios or even the most likely ones.
To prove that a system is hackable, I just have to find one situation
where it can be hacked. Finito; sayonara; have a nice day.
The latter is relatively easy to do. The former is very hard (and
sometimes impossible) to accomplish. It is much easier to hold a
"contest," declare yourself the winner ("UNBREAKABLE, BABY! w00t!") and
then go sell a bunch of units to the PHBs.
Any talk about "extenuating circumstances" or "innocently accused" is just liberal claptrap. The best part (ha!) that this loonie libs keep spewing are those lies about how most offenders are known by the victims. Everyone knows it is foreigners that are doing it.
If they weren't guilty, then they wouldn't have been accused and then convicted of the crime in the first place!
you'd only really need to be worried if you planned to commit a
crime; for non-criminals there's really nothing to worry
about.
Damn those long-haired freak Founders and their crazy ideas. If only
someone would've told them that innocent men have nothing to hide, they
could've avoided making many unnecessary additions to the US Constitution.
If you don't love America and follow its leaders unquesiontionably, then get the hell out!
I'd love to stay and belittle you more, but I have to go to work my second shift. Health care ain't cheap, you know, and my WalMart job doesn't quite cover the $700/month health insurance I get from my 9-5 IT job.
~ if they became mainstream, people would find ways to get spyware on it.
That's why the mainstream web server, Apache (in use by 3x as many shops as all the others combined), has far fewer unpatched and less-severe vulnerabilities than the next closest competitor.
Popularity is not a function of hackability. Being poorly written and stupidly integrated into the low rings of the OS is.
The guy I use charges $150/hour. Reviewing a standard NDA takes about... 1 hour. As a result, I've avoided signing things that would make a paper smeared with pig feces more attractive.
Before you sign anything consult a lawyer
Think about how much money you could potentially lose because you can't show your potential future employer any samples. Is that worth 150 bones?
Compare with people who watch Faux News: they're convinced that Osama is on the verge of attacking BFE, ND, and we're also winning the war in Iraq.
Running IE 6 on Win XP + SP2, works just fine.
You can't spell "I seek balls" without "Pesky Liberals"!!!!111
You obviously have neither parents nor an Uncle Bob who "knows computers" but who is always ringing you up for advice.
As yet, I am but an acolyte.
Absolutely. I say we just kill them now.
If there is no value, they don't need to collect it, do they?
- You've never been to court to see how the law really works
- You've never been on the receiving end of Police, ahem, "interaction" (no, traffic stops do not count).
I'm sorry to be the one to tell you that Real Life is not like "The Practice," "Law and Order," "TJ Hooker," or "CSI."
Billary lover!!! Communist!!!!
You're new here, aren't you?
...you gotta do something to pump up your buggy, non-mainstream, insecure webserver.
That's becuz the Man has the biggest Teat you can ever suckle at!!!111
Source, please.
Only if they have some shots of the sweet, sweet udder !!!!oneone
Mandatory Battery Acid + Isopropyl Alcohol drinks for everyone! Huzzah!
Americans drink beery, watery-tasting piss.
Canadians drink watery, beery-tasting piss.
Aussies drink anything with alcohol in it.
"Officer, the girl was dead when I got here, I swear!"
So.