Susan Bradley has posted her analysis of how her Windows server was hacked.
This is interesting to me, as Bradley is an expert on server administration and patching; I’m glad she has had the courage to post all these details, thus benefiting the community, rather than pretending the server was down for emergency maintenance or the like.
She thinks it was a security bug in IceWarp Web Mail. This appears to be a PHP application. Although the bug has been fixed, she was running an old version because the new one broke some important features.
The explanation sounds plausible to me. So is it applications rather than operating systems that form the most critical security weaknesses today? Yes, but both are involved. I would be interested to know whether the same bug in a Linux installation of IceWarp would have been equally easy to escalate to the entire OS.