Supposedly secure files on Irish semi-state agency and business sites remained easily accessible from the Web yesterday due to a security flaw in a popular Web server software programme.
Many Irish organisations seem unaware of the serious hole discovered last Tuesday in Microsoft's widely-used Internet Information Server software (IIS). The flaw allows anyone using a Web browser to obtain potentially sensitive information from Web servers running the Windows NT operating system.
Similar to holes found in recent weeks in Netscape and O'Reilly Web server software, the IIS glitch lets users access scripting source code - the language in which Web pages and applications are written - which in turn can give access to database information and system passwords.
Some Irish computer consultancies and Web developers scrambled to contact clients once the hole was announced by Microsoft. Microsoft has posted a `hotfix' for IIS 4.0 and 3.0 on its Website (www.microsoft.com/security) and sent out an e-mail alert to programmers. According to Mr Peter Bell, Microsoft UK's product manager for Internet services, only files of a certain type, in certain situations can be accessed.
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/2a429887-bb72-4814-bd40-0cbf79fe8d51.png)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/VR3765MFOBH2NMV2QNICYDF67M.png)