[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [MISC] Hvorfor er det mest IIS det går ud over?



Jeg vil ikke blande mig i IIS kontra Apache diskussionen, men 
blot kommentere denne her:

In <sslug@sslug> "Emil S. Hansen" <sslug@sslug> writes:

>Nej du, grunden til at IIS altid bliver ramt er at hackeren kun behøver
>skrive et exploit for at ramme alle IIS servere. Normalt når der er en
>sikkerheds fejl i et program, så indebære det noget at et buffer
>overflow skal udnyttes, dette gøres med "shellkode" som er forskellig
>fra processorfamilie til processorfamilie og fra OS til OS.

Der er sådan set rigtig nok, men der er faktisk for nylig dukket nogle
eksempler op på shell-code, der kan køre på flere forskellige
platforme. Der var en artikel i Phrack magazine for et par måneder
siden, der demonstrerede shell-kode som dækkede Linux, MIPS, SPARC
(SunOS/Solaris) og et par stykker til. "Fidusen" er at bruge nogle
instruktioner der fungerer på een platform, men er ligegyldige
(no-op's) på en anden.

I betragtning af at de fleste "hackere" hugger shell-kode fra
hinandens exploits, varer det næppe ret længe før denne teknik
begynder at blive anvendt.
-- 
Henrik Storner <sslug@sslug> 

Jeg søger job - http://www.hswn.dk/job/



 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 19:24 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *