[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NEWS: Web Security Hole Revealed
does anyone know how to crash Microsoft IIS (MS webserver)?
many thanks
igor
Robert Hettinga wrote:
>
>
> --- begin forwarded text
>
>
> X-Sender: [email protected]
> Mime-Version: 1.0
> Date: Wed, 11 Dec 1996 19:32:32 -0800
> To: N E W S R E L E A S E <[email protected]>
> From: "Steve O'Keefe" <[email protected]>
> Subject: NEWS: Web Security Hole Revealed
>
> BREAKING NEWS
> For Release Thursday, December 12, 1996
>
> MAJOR WEB SECURITY FLAW REVEALED
>
> (New York) -- Edward Felten, head of Princeton University's
> Safe Internet Programming Team (SIP), today revealed a
> major security flaw in the Internet's World Wide Web.
> Called "web spoofing," the breach allows any Internet
> server to place itself between a user and the rest of the
> web. In that middle position, the server may observe, steal
> and alter any information passing between the unfortunate
> browser and the web.
>
> All major web browsers are vulnerable to web spoofing,
> including Netscape Navigator and Microsoft Internet
> Explorer. Using web spoofing, a person can acquire
> passwords, credit card numbers, account numbers, and other
> private information, even if transmitted over an apparently
> secure connection.
>
> The Boston Globe published an article about Felten's
> findings in this morning's "Plugged In" column. The story
> was written by Simson Garfinkel, technology columnist for
> HotWired's "Packet" news service. The complete story can be
> found at the following URL:
>
> http://www.boston.com/globe/glohome.shtml
>
> Felten will be demonstrating web spoofing TODAY, Thursday,
> December 12, at the Internet World expo at the Jacob K.
> Javits Convention Center in New York City. The
> demonstration will be held at the Wiley Computer Publishing
> Booth (#822) at 2:00 pm Eastern Time.
>
> The web flaw is just the latest in a series of major
> Internet security problems uncovered by Felten and his
> team. Felten documents some of these problems in his new
> book, "Java Security: Hostile Applets, Holes, and
> Antidotes" to be published in January by Wiley Computer
> Publishing. For an advance review copy of the book, simply
> reply to this e-mail. For further information, please
> contact:
>
> Edward Felten: [email protected]
> (917) 972-3693 (cellular phone at Internet World)
> (609) 258-5906 (Princeton University)
>
> Jeffrey DeMarrais: [email protected]
> Wiley Computer Publishing
> (212) 850-6630 (review copies, interviews)
>
> Java Security Web Site:
> http://www.rstcorp.com/java-security.html
>
> Safe Internet Programming Web Site:
> http://www.cs.princeton.edu/sip/
>
> --- end forwarded text
>
>
>
> -----------------
> Robert Hettinga ([email protected])
> e$, 44 Farquhar Street, Boston, MA 02131 USA
> "The cost of anything is the foregone alternative" -- Walter Johnson
> The e$ Home Page: http://www.vmeng.com/rah/
>
>
- Igor.