Spacer Sidebar Directory Map

The Technical Writer's Checklist

The Technical Writer's Checklist

 

ITrain - International Association of Information Technology Trainers

Microsoft IIS Causes Problems for ICQ

Crackers sneak in through unsecured IIS ports

ITINFO Sponsor

Website Hosting by DGL Web Hosting

Fast, unlimited hits. Secure SSL servers.
100MB web & ftp storage.
4 Apache SSL-Stronghold webservers.
Unlimited email aliasing, redirection, and autoresponders.
4 multi-homed T3 & T1 lines on the primary backbone.
24/7 Monitoring
Daily access reports
Free, fast & accurate domain registration.

host@dgl.com
DGL Super-Fast Website Hosting

Internet Poll
Have you attended a seminar via e-learning?
yes
no

poll archive

ICQ Servers Cracked Through Hole In Microsoft IIS

by Dave Murphy
ISSN 1535-3613

Dave Murphy, DGL President & ITrain founder AOL's ICQ servers were cracked this week for the second time this year. The cracking group Innocent Boys defaced the ICQ homepage and the group Men in Hack defaced the community page.

ICQ software uses the Microsoft IIS webserver, which has numerous reported security holes. "This has more holes than Swiss cheese," said Mark Read, systems security analyst for computer security company MIS Corporate Defence Solutions. "It seems that Microsoft doesn't understand the terms of bounds checking--I strongly suspect that within the next couple of weeks another hack of this system will be found."

The two vulnerabilities that were targeted were the index server buffer overflow and the remote printer overflow. Microsoft has released patches for both of these holes; however, AOL's system administrators had not followed Microsoft's recommended update procedures. (AOL owns ICQ.)

Dave's Opinion

Security patches are released for a reason. System administrators must keep up on what's available and make sure the appropriate updates are immediately installed.

Call for Comments

What do you think? Leave your comments on the message center.

References

ICQ
Microsoft
AOL
Message Center

Subscribe to ITINFO.
Receive computing and Internet news & tips
by subscribing to the ITINFO information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Damar Group, Ltd. helps business use technology.

ITINFO is again accepting sponsors. Sponsor messages are included in ITINFO's email newsletter and are permanently posted to DGL's website and online reference areas.

ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.

Previous issues are on our website at http://dgl.com/itinfo/.

updated June 30, 2001
http://dgl.com/itinfo/2001/it010630.html

Return to DGL homepage
Copyright © 2001, Damar Group, Ltd., All Rights Reserved