The Haus

Friday, March 9, 2001

Ars on The Big Crack

Ars Technica has an excellent article on the problems that led to 40+ e-commerce/banking sites in the U.S. and countless others world-wide having their databases compromised by crackers (story). It is believed that these crackers were funded by Russian organized crime. The sad thing is that none of this had to happen. It all could have been prevented if the IS departments involved had their act together. If you rely on e-banking or e-commerce in general, you want to read this story.

The Master comments: My take on this article: Arian is right . . . and wrong. Microsoft is not necessarily directly at fault for the attacks being done on businesses. They ARE at fault for the flaws in IIS and NT that hackers use to exploit their servers. People don't properly secure their servers, and don't patch them. Why? Because Microsoft releases roughly a patch a week. And every patch requires a system reboot. There is NO SINGLE TOOL to audit an NT server. So, guess what? You get to walk through their stupid KB articles, and compare version numbers to check updates. That is exquisite BS. Microsoft needs to tighten up their code review. Patches should be easy to install, and NOT require reboots. An audit tool would be a good thing.

After that is done, administrators MUST treat ANY publicly accessible server as hacker heaven. Lock it down. Run the security tools. Firewall the servers. And always be paranoid. You can't do anything less and expect to be safe.

