• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Microsoft anti-Unix site runs... Unix!

  • Thread starter Thread starter
  • Start date Start date

Hahaha, what total morons! I guess Windows could not handle the FUD load.

http://news.com.com/2100-1001-872266.html


<< The site, dubbed "We have the way out," runs on Web servers powered by FreeBSD, an open-source version of Unix, along with the Unix-based Web server Apache, according to Netcraft, which tracks Web site information. Both pieces of software compete with Microsoft's Windows operating system. The Microsoft/Unisys site solicits names and contact information in exchange for research reports on data center trends. >>



chris@yamato:~$ telnet www.wehavethewayout.com 80
Trying 198.63.57.204...
Connected to www.wehavethewayout.com.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Mon, 01 Apr 2002 16:43:13 GMT
Server: Rapidsite/Apa-1.3.14 (Unix) FrontPage/4.0.4.3 mod_ssl/2.7.1 OpenSSL/0.9.5a
Last-Modified: Thu, 28 Mar 2002 20:52:25 GMT
ETag: "11f79ad-2595-3ca38289"
Accept-Ranges: bytes
Content-Length: 9621
Connection: close
Content-Type: text/html


BAWHAHAHAHA!!!
 
http://zdnet.com.com/2100-1104-872304.html

Another article. Not to mention the site is very insecure, jeeze.

Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ )
Interesting ports on www.wehavethewayout.com (198.63.57.204):
(The 1158 ports scanned but not shown below are in state: filtered)
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
443/tcp open https
554/tcp open rtsp
3306/tcp open mysql

Remote operating system guess: FreeBSD 4.1.1 - 4.3 (X86)

Nmap run completed -- 1 IP address (1 host up) scanned in 20 seconds
 
Hey, they could've just created a simple isapi extension that altered the header 🙂 I've actually done that before to remove the possibility of bots identifying our system as a potential target simply through banner retrieval.



<< Another article. Not to mention the site is very insecure, jeeze. >>



Note, open ports is not necessarily indicative of an insecure system. Indeed, it means there is great potential for exploitation, but those are all legitimate services. I do think that most of those services running should not be externally accessible.

[edit]I hadn't noticed earlier, but I guess I shouldn't say those ports are "open", as nmap is showing them as filtered. That at least gives you the indication that they had a leigimate need for all of those services to be externally accessible.[/edit]
 


<< Note, open ports is not necessarily indicative of an insecure system. Indeed, it means there is great potential for exploitation, but those are all legitimate services. I do think that most of those services running should not be externally accessible. >>


The mysql port is just plain scary.
 
Heh, I dont know if this is some master plan where M$ will have it crash just to say, "See, MS products are better.." Either that, or MS is stupider than I thought, they had to have known people were going to be checking it out.
 


<< Heh, I dont know if this is some master plan where M$ will have it crash just to say, "See, MS products are better.."
Either that, or MS is stupider than I thought, they had to have known people were going to be checking it out. >>


I was thinking along the same lines. Being the server is setup to be blatantly insecure, methinks they want someone to hack it so they can cry "see, Unix is totally insecure!"

For God's sake they are running a 7 year old version of BSD. How stupid (or shrewd) are they?
 


<< I was thinking along the same lines. Being the server is setup to be blatantly insecure, methinks they want someone to hack it so they can cry "see, Unix is totally insecure!"

For God's sake they are running a 7 year old version of BSD. How stupid (or shrewd) are they? >>



I hope that's not the case, but it seems almost obviously so. All the form submissions are sent to info@pmgdirect.com, which is a bit strange.

It does seem like some sort of a honeypot. *shrug*
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top