Why are you not running Apache? New IIS holes should make you rethink your web server
May 20, 2009, 15:32 (0 Talkback[s])
(Other stories by David Lane)
"First, we have reports of the theft and corruption of the
Commonwealth of Virginia's Prescription Monitoring Program web
site. The story is that the site had been hacked, the data
encrypted or deleted or being held hostage, according to a variety
of sites, and the FBI is investigating. As discussed on the latest
Search Engine, almost no one is really taking the ransom demand
seriously for a variety of reasons. The second topic that got me
annoyed was a ComputerWorld article yesterday about new, serious
bugs in IIS and Microsoft's prevailing attitude about the risk.
Finally I had to set up an IIS server and kept lamenting that it
should not be this hard.
"Now, in all fairness, IIS 7 is supposed to be a much better
product with text file configuration capability (just like Apache)
and it is supposed to be more secure. My question is this. Why,
would anyone voluntarily run their web site on IIS? Especially if
it was a forward-facing site, connected to the Internet and
subjected to attacks every minute of every day?"