Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Concern Grows Over 'secret' Hacking Tool

Concern Grows Over 'secret' Hacking Tool

by platon on June 26th, 2001 Security professionals are concerned that a program used by hackers to exploit a flaw in Microsoft IIS webserver has not been made public. They fear that the hackers are keeping the tool secret in a bid to launch further damaging IIS attacks.


The latest in a long line of vulnerabilities in IIS was discovered last week, when it was revealed that a remote buffer overflow in all versions of IIS Internet Services API could be exploited to give an attacker complete control of a system.



But the security community is worried that hackers may be hanging on to the tool used for exploiting this hole, rather than releasing it for analysis so that a patch can be developed.



Typically, when a hole is discovered, a tool capable of exploiting the glitch appears within 48 hours, encouraging administrators to patch their systems quickly.



But so far, no such tool has appeared to push administrators into gear, although rumour has it that hackers are in possession of such a program, potentially leaving the six million users of IIS at risk.



Security firm @stake warned that administrators are less likely to react to an advisory if there is no exploit tool available.



Hackers thrive on a lack of awareness in security and, by keeping the exploit tool underground, network administrators could be lulled into a false sense of security.




Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »