BCC Mastercard site flipping versions of IIS
Just an idea, but the day before the hack it was flipping between IIS versions 5 and 6.
We have repeated over and over again that there is no way you can secure IIS 5 all the time against all the threats and exploits that are being developed every month. One day it will fall. If your site is still running on IIS 5, use these holidays to upgrade to IIS 6. Oh, and for the Apache believers: don't install Apache if you have no Apache specialist in house, because the number of exploits and attacks against Apache is far greater. All the more so because with Apache all the other sites on the same host can be defaced once one with a weak link is found.
Insecurity and complexity are perhaps the reasons IIS is growing stronger in the server market and Apache is losing market share at an astonishing rate on the internet in general.
But for the .be domain the trend seems to be totally different.
What this information also shows is that a site may change provider and host without necessarily having enough control over what is going to be running on that server and how it is secured. For high-level sites like these, this should be tested before going live. BCC may be happy that the Belgian media is playing by the Omerta and that nobody published the fact that they were defaced.
The confidence of the Belgian consumers in e-commerce is already low enough.
We did no scan on the server itself but used the database of Netcraft. The Belgian law is too strict to do anything, even something very innocent.