|
Focus on Microsoft
/Rpc virtual directory in IIS - How did it get there? Dec 05 2002 03:08AM sjr hushmail com (2 replies) Re: /Rpc virtual directory in IIS - How did it get there? Dec 06 2002 06:41PM H C (keydet89 yahoo com) |
|
|
Privacy Statement |
> [...] Plus, we only allow SSL/TCP 443 traffic to it from the Internet, which generally wards off the most common IIS attacks.
> [...]
meeep .... wrong.
SSL doesn't ward off attacks. Some worms that don't use SSL may not be
able to get you, but SSL does nothing for security vulnerabilities, i.e.
it doesn't make you not vulnerable against Unicode et. al.
You can still run exploits over SSL and hack a box. One just needs to
rig the attack scripts to use SSL, that's all. Don't think that because
you are using SSL, you are secure.
Regards,
Frank
[ reply ]