5 posts • joined 3 Jul 2009
@ Destroy All Monsters
>1) Why would a webserver need to execute uploaded code? Is this a new approach to distributed >computing?
A web server would not 'want' to execute uploaded code. After the file is uploaded to the server (bypassing content filters using this hack), the malicious user would request the file via http, thus executing it.
The effect of this would depend on the permissions which the IIS process runs under. Recommendations are to run this with a low privilege account. This should prevent running services, installing malware, most administrative functions. This is probably why Secunia have given the exploit a low rating.
>2) How does IIS decide whether to execute something if the rule is to _not_ execute something >ending in .asp?
IIS executes ASP files by default (via passing the request to the ASP.dll handler), not the other way around. The general rule is to prevent users UPLOADING executable files like this via a file upload facility.
I know its clever to be down on Micro$oft, but why comment when you don't understand the issue.
we will assimilate your culture
interesting in the chinese sense of the word
lets all get behind android.
all hail our new goverlords!
What will Office web applications actually be?
Installed pretty slick for me.
I am interested in what Office Web applications actually turns out to be. It sounds like it has potential, but I've heard some muttering about it being pretty limited and tied into SharePoint, which sounds like a MS strategy and changes things a bit
When linux takes over?
Had to guffaw.
"...but when Linux starts really taking over as the standard IT computing platform..."
Its been around for over 10 years, and its sitting at < 1 % of desktop / laptops. Every OEM manufacturer who has a go at selling a Linux desktop / laptop pulls the plug quick smart, because they discover that the market for linux is a small number of shouty techies. Most users just dont *want it*
Linux had its best ever opportunity to grab consumer market share with netbooks. Guess what ? Windows own the vast majority of that market . MS didn't force it down peoples throats, users WANT it. More to the point, they DONT want Linux.
Linux shines as a commodity cheapie web server O/S , beyond that forget it.
Convulsing about Mono on Debian is just .... taking yourself too damn seriously