Re: NEWS: Web Security Hole Revealed



Does anyone know how to crash Microsoft IIS (MS webserver)?

Many thanks

igor

Robert Hettinga wrote:
> 
> 
> --- begin forwarded text
> 
> 
> X-Sender: [email protected]
> Mime-Version: 1.0
> Date: Wed, 11 Dec 1996 19:32:32 -0800
> To: N E W S   R E L E A S E  <[email protected]>
> From: "Steve O'Keefe" <[email protected]>
> Subject: NEWS: Web Security Hole Revealed
> 
> BREAKING NEWS
> For Release Thursday, December 12, 1996
> 
> MAJOR  WEB  SECURITY  FLAW  REVEALED
> 
> (New York) -- Edward Felten, head of Princeton University's
> Safe Internet Programming Team (SIP), today revealed a
> major security flaw in the Internet's World Wide Web.
> Called "web spoofing," the breach allows any Internet
> server to place itself between a user and the rest of the
> web. In that middle position, the server may observe, steal
> and alter any information passing between the unfortunate
> browser and the web.
> 
> All major web browsers are vulnerable to web spoofing,
> including Netscape Navigator and Microsoft Internet
> Explorer. Using web spoofing, a person can acquire
> passwords, credit card numbers, account numbers, and other
> private information, even if transmitted over an apparently
> secure connection.
> 
> The Boston Globe published an article about Felten's
> findings in this morning's "Plugged In" column. The story
> was written by Simson Garfinkel, technology columnist for
> HotWired's "Packet" news service. The complete story can be
> found at the following URL:
> 
> http://www.boston.com/globe/glohome.shtml
> 
> Felten will be demonstrating web spoofing TODAY, Thursday,
> December 12, at the Internet World expo at the Jacob K.
> Javits Convention Center in New York City. The
> demonstration will be held at the Wiley Computer Publishing
> Booth (#822) at 2:00 pm Eastern Time.
> 
> The web flaw is just the latest in a series of major
> Internet security problems uncovered by Felten and his
> team. Felten documents some of these problems in his new
> book, "Java Security: Hostile Applets, Holes, and
> Antidotes" to be published in January by Wiley Computer
> Publishing. For an advance review copy of the book, simply
> reply to this e-mail. For further information, please
> contact:
> 
> Edward Felten: [email protected]
> (917) 972-3693 (cellular phone at Internet World)
> (609) 258-5906 (Princeton University)
> 
> Jeffrey DeMarrais: [email protected]
> Wiley Computer Publishing
> (212) 850-6630 (review copies, interviews)
> 
> Java Security Web Site:
> http://www.rstcorp.com/java-security.html
> 
> Safe Internet Programming Web Site:
> http://www.cs.princeton.edu/sip/
> 
> --- end forwarded text
> 
> 
> 
> -----------------
> Robert Hettinga ([email protected])
> e$, 44 Farquhar Street, Boston, MA 02131 USA
> "The cost of anything is the foregone alternative" -- Walter Johnson
> The e$ Home Page: http://www.vmeng.com/rah/
> 
> 



	- Igor.