Skip to comments.
Hack iis6 contest underway..
http://www.hackiis6.com/ ^
| 2005-05-05
| http://www.hackiis6.com/
Posted on 05/05/2005 12:52:05 PM PDT by N3WBI3
1) Most security breaches are caused by not following basic security guidelines and best practices. We want to put IIS 6.0 to the test to see if it is highly secure when you implement it correctly.
2) Because it's a fun way to engage with you, our audience!
3) It's a chance to share knowledge and demonstrate how to protect your system against hack attempts. Coming in our July issue, we'll publish an article "How to Set Up a Hackproof IIS" featuring Roger Grimes' recap of the contest, and sharing the secrets of how he created an impenetrable IIS environment.
TOPICS: Computers/Internet
KEYWORDS: hack; iis; microsoft
Navigation: use the links below to view more comments.
first 1-20, 21-27 next last
An iis6 guy putting his money where his mouth is. I dont advocate hacking other peoples boxes but as a hardening test it should be interesting
1
posted on
05/05/2005 12:52:07 PM PDT
by
N3WBI3
To: Swordmaker
2
posted on
05/05/2005 12:52:21 PM PDT
by
N3WBI3
To: N3WBI3
We want to put IIS 6.0 to the test to see if it is highly secure when you implement it correctly. And your reasoning for this is ...?
3
posted on
05/05/2005 12:54:19 PM PDT
by
softwarecreator
(Facts are to liberals as holy water is to vampires)
To: ShadowAce
4
posted on
05/05/2005 12:55:20 PM PDT
by
stylin_geek
(Liberalism: comparable to a chicken with its head cut off, but with more spastic motions)
To: N3WBI3
These kinds of things typically don't amount to much - even if it stays up, that's hardly proof of invulnerability. Frankly, if I had a reliable, repeatable way of cracking into IIS, I'd want a heck of a lot more than an XBox in exchange for that information.
5
posted on
05/05/2005 12:55:48 PM PDT
by
general_re
("Frantic orthodoxy is never rooted in faith, but in doubt." - Reinhold Niebuhr)
To: N3WBI3
I know I'm going to look at this, simply because we do multi million dollar secure bank transactions where I work. And the sites require IE.
6
posted on
05/05/2005 12:56:41 PM PDT
by
stylin_geek
(Liberalism: comparable to a chicken with its head cut off, but with more spastic motions)
To: softwarecreator
And your reasoning for this is ...?I would bet it is to test to see if it is highly secure when you implement it correctly.
7
posted on
05/05/2005 12:57:01 PM PDT
by
Flyer
(If I were 8 pixels tall I could fit in my tag line)
To: general_re
You get to say that you're the guy who hacked IIS. Nobody really cares about the XBox and most contestants aren't interested in that anyway.
8
posted on
05/05/2005 12:58:56 PM PDT
by
t_skoz
("let me be who I am - let me kick out the jams!")
To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...
9
posted on
05/05/2005 1:05:50 PM PDT
by
ShadowAce
(Linux -- The Ultimate Windows Service Pack)
To: N3WBI3
huh...? oh.
10
posted on
05/05/2005 1:09:51 PM PDT
by
struggle
((The struggle continues))
To: t_skoz
If I'm the guy who can hack IIS, I can probably parlay that skill into more tangible rewards than nerd-kudos ;)
11
posted on
05/05/2005 1:10:16 PM PDT
by
general_re
("Frantic orthodoxy is never rooted in faith, but in doubt." - Reinhold Niebuhr)
To: softwarecreator
And your reasoning for this is ...? Because the guy doing this makes his living pushing Microsoft products.
To: softwarecreator
Hey dont jump on me, this guy is a MS users and tech writer...
Roger A. Grimes
Contributing editor, Windows IT Pro Magazine
13
posted on
05/05/2005 1:38:54 PM PDT
by
N3WBI3
To: general_re
Umm not really hacking iis is not a one in a million type of deal. There is a reason you secure in layers and thats because a naked iis6 box on the net is just waiting to be hacked..
14
posted on
05/05/2005 1:41:08 PM PDT
by
N3WBI3
To: general_re
even if it stays up, that's hardly proof of invulnerability.
True. But if it doesn't stay up, that's certainly proof of vulnerability. ;-p
15
posted on
05/05/2005 2:18:11 PM PDT
by
Bush2000
To: N3WBI3
I wasn't. I was in the middle of writing it and had to go. Accidently pushed the "reply" button.
16
posted on
05/05/2005 2:28:42 PM PDT
by
softwarecreator
(Facts are to liberals as holy water is to vampires)
To: N3WBI3; Bush2000
...a naked iis6 box on the net is just waiting to be hacked.. Oh, no - IIS 6/Windows Server 2003 is actually quite tight, even in the default configuration. I predict it won't be cracked, because the people most likely to be able to do it are the least likely to want to reveal that ability.
17
posted on
05/05/2005 2:29:40 PM PDT
by
general_re
("Frantic orthodoxy is never rooted in faith, but in doubt." - Reinhold Niebuhr)
To: N3WBI3
I know a guy that worked as a consultant to Microsoft when they did this for Windows 2000, and that box never got hacked. He said all they did was lock every port but 80 down with IPSec, and shut down every unneccesary service.
Despite what some people will tell you, a fully patched box with proper usernames/passwords implemented is practically impossible to hack, the only way is if you have access to a "zero day" exploit that no one knows about or has had time to develop a defense for. Anybody that has one of those probably isn't going to waste it for an XBOX, unless they really want to try to humiliate Microsoft. But give MS some credit, not only have they already tried this before, and succeeded, they're willing to risk it again.
To: N3WBI3
Umm not really hacking iis is not a one in a million type of deal. There is a reason you secure in layers and thats because a naked iis6 box on the net is just waiting to be hacked..
Then go for it. If it's so easy, it should be a piece of cake for you. Or, are you just blowing smoke?
19
posted on
05/05/2005 5:54:32 PM PDT
by
Bush2000
To: general_re
because the people most likely to be able to do it are the least likely to want to reveal that ability This was the point I wanted to make in #3, but got called away and accidently posted it.
If you are a 'expert' hacker, what reason would you have to expose yourself and your 'methods'? An X-Box? Makes no sense to me, but then I never understood the thrill of hacking anyway, so what do I know?
20
posted on
05/05/2005 7:13:44 PM PDT
by
softwarecreator
(Facts are to liberals as holy water is to vampires)
Navigation: use the links below to view more comments.
first 1-20, 21-27 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson