[LINK] Post to deliver Telstra bills online
Sat, 6 Oct 2001 09:53:47 +1000
> -----Original Message-----
> From: email@example.com [mailto:firstname.lastname@example.org] On
> Behalf Of Garry Brennan
> Sent: Saturday, 6 October 2001 8:00 AM
> To: Rowe, Joshua; email@example.com
> Subject: Re: [LINK] Post to deliver Telstra bills online
> on 3/10/01 10:18 AM, Rowe, Joshua at
> Joshua.Rowe@auspost.com.au wrote:
> > Post to deliver Telstra bills online
> > http://www.post.com.au/mediacentre/index.asp?link_id=1.332
> It would appear that this Billpay system uses Microsoft ASP
> on MS IIS on NT
> Now I think everybody on LINK has been presented with
> overwhelming evidence
> that this is about the worst option for reliable and secure
> web services and
> Is Australia Post seriously intending to win public
> confidence in this
> Tell us it ain't so, Josh
ASP and even NT can be reasonably secure - well enough to have avoided
all the recent problems - unfortunately most don't either have that
clue, the time to be vigilant, or the automagic monitoring systems in
place to watch, test and report potential problems.
NT4/IIS4's default setup is the problem - but doesn't have to remain
Most of the recent issues were already known potential problems and
even a casual nessus vulnerability scan would have warned of what
Better would be to run all HTTP traffic through an application level
gateway behind a firewall (generic term) for even more scrutiny. A
live naked NT4 standalone is really doing it the hard way :(
Does anyone remember the last time x.microsoft.com got defaced?
Alternatively, AusPost could just be running Chili ASP -
Hmm... or maybe not... unless it's running some funky content switch
passing off URL paths to other servers?
Connected to www.auspost.com.au.
Escape character is '^]'.
OPTIONS * HTTP/1.1
HTTP/1.1 200 OK
Date: Fri, 05 Oct 2001 23:49:18 GMT