[vox] what do they pay their staff for?!?

Peter Jay Salzman vox@lists.lugod.org
Tue, 18 Mar 2003 12:26:41 -0800


everyone probably read yesterday about the win2k IIS vulnerability
in webdav yesterday.   heck, webdav *sounds* like a security hole
waiting to happen.

and they made no bones about it:  the news said, in black and white,
there was a tool readily available for download that exploits the
vulnerability.   the news also said a patch was available from MS.


today i read the news.  the US army's webserver was hacked.  the webdav
hole is to blame.


ok, let's forget the issue of why the army is using IIS to begin with.
that's a whole different issue.  i'm wondering who gets paid to sit
around and administrate army webservers, and why it didn't occur to them

   "hey, wait a minute.  WE'RE running IIS on win2k servers!"

a website isn't a big deal, but considering we're on the brink of war,
you'd think the administrators would be a bit more on the ball.  who
knows what's networked to what.  heck, i don't have microsoft anything,
and i still knew about the webdav hack.

pete

-- 
Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D