[LINK] More IIS Horror Stories
Grant Bayley
gbayley@ausmac.net
Mon, 5 Nov 2001 12:12:31 +1100 (EST)
On Mon, 5 Nov 2001, Glen Turner wrote:
> Malcolm Miles wrote:
>
> > So they connected an operating system with a known vulnerability
> > to the Internet where packets exploiting the vulnerability are
> > running rampant and the server got infected. Well surprise,
> > surprise. Exactly what was this outstanding bit of research
> > meant to tell us?
>
> That the "install/deploy" methodology is wrong. The user
> has done the Right Thing, it's the computer that has done
> the wrong things and that design fault needs to be fixed.
>
> One obvious suggestion is for Internet-connected servers
> to check an Internet-hosted database for known exploits and
> not activate that component, perhaps offering to patch
> the software.
In other words, "fail closed" rather than "fail open".
Grant
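
The install-time check discussed in this thread, sketched as an added example that is not part of the original messages: a component is activated only after a lookup against an advisory database, and the `fail_closed` flag decides what happens when that lookup gives no trustworthy answer. The feed format, component names and versions are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

# Constructed sample data: component name -> versions with a known exploit.
SAMPLE_FEED: Dict[str, Set[str]] = {
    "web-server": {"5.0"},
    "index-service": {"1.0", "1.1"},
}

@dataclass(frozen=True)
class Component:
    name: str
    version: str

def feed_ok() -> Dict[str, Set[str]]:
    """Stand-in for a successful lookup of the advisory database."""
    return SAMPLE_FEED

def feed_down() -> Dict[str, Set[str]]:
    """Stand-in for the database being unreachable at install time."""
    raise ConnectionError("advisory database unreachable")

def decide(component: Component, fetch: Callable[[], object],
           fail_closed: bool = True) -> Tuple[bool, str]:
    """Return (activate, reason) for one component at install/boot time."""
    try:
        feed = fetch()
        if not isinstance(feed, dict):
            raise ValueError("malformed advisory feed")
    except (OSError, ValueError) as exc:
        # No trustworthy answer: this is where the two policies differ.
        if fail_closed:
            return False, f"check failed ({exc}); left disabled"
        return True, f"check failed ({exc}); activated unchecked"
    if component.version in feed.get(component.name, set()):
        return False, "known exploit for this version; offer patch, stay disabled"
    return True, "no known exploit listed"

def activation_plan(components: List[Component], fetch: Callable[[], object],
                    fail_closed: bool = True) -> List[str]:
    """Names of the components that would be switched on."""
    return [c.name for c in components if decide(c, fetch, fail_closed)[0]]
```
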