Web Servers
Apache, IIS, IPlanet and friends
March 2002

26 March 2002
 

FrontPage Bug Opens Microsoft Sites To Attackers

Microsoft released a bulletin and patch for the buffer overflow flaw, which allows attackers to run code of their choice on a vulnerable server, on Jun. 21, 2001.  [News Bytes]

I did have to chuckle a bit after reading this. A couple of MS sites were defaced because they'd left an old unpatched version of the Front Page extensions on the server. The moral of the story is: get rid of anything that you are not using. If you happen to be using the Front Page extensions (not recommended), please keep an eye on security patches.


6:46:55 PM

Apache security configuration guide

Included below is a recommended security configuration guide for the Apache web server, designed to provide security administrators with a method of configuring an installation based on the agreed security risk profile of the target system.
The security configuration document divides recommendations into levels "Premium", "Standard", and "Basic", and covers a variety of installation, configuration and ongoing management tasks, including:
 * Linux and Windows Installation Requirements
 * Apache Base Installation
 * Identification and Authentication
 * Privacy and Encryption
 * Access Control
 * Auditing
 * WebSphere

[Open System Security Resources]

If you use the Apache Web server or any of its commercial derivatives, including IBM WebSphere or Oracle AppServer, you might want to take a look at this guide. While most of what it covers is standard practice, many people are moving to Apache from MS IIS. Apache uses configuration files and module concepts that might be a bit foreign for IIS users. This guide makes it simple to do a quick security audit on your Apache servers.


4:19:13 PM



© Copyright 2002 Pelle Braendgaard.
Last update: 27/03/2002; 09:25:45.