Hacker alert sounded
A newsletter devoted to bug reports sparked a hacker scare by reporting that Microsoft's Web servers are vulnerable to attacks, but company officials discounted the threat.
BugNet reported that two Microsoft Web servers--the FrontPage Personal Web Server and Internet Information Server--contain holes that could make them insecure, including a breach that would make it possible for hackers to reformat server hard drives.
The report by BugNet warns users against configuring the Microsoft servers in a way that could open those holes. That, however, could happen only if Web administrators do something they're not supposed to do: putting a Perl interpreter and scripts--software that is often used to connect Web servers to databases--in a Web server's "cgi-bin" directory.
If an administrator makes this mistake and this gets discovered by a hacker, that person could run a program available on the Net called Latro and open the door for malicious Net surfers to execute potentially damaging commands on the server.
Microsoft officials pointed out that this problem is true of all Windows Web servers, not just theirs. They also asserted that the vast majority of Webmasters know that this server set-up is a no-no. "This is not a bug," declared Mike Angiulo, program manager at Microsoft.
Still, the Computer Emergency Response Team issued a more general alert May 29 that did not mention any specific companies but warned against setting up Web servers with Perl programs in the wrong directories.