[N3WBI3]

An iis6 guy putting his money where his mouth is. I dont advocate hacking other peoples boxes but as a hardening test it should be interesting

[softwarecreator]

We want to put IIS 6.0 to the test to see if it is highly secure when you implement it correctly.

And your reasoning for this is ...?

[general_re]

These kinds of things typically don't amount to much - even if it stays up, that's hardly proof of invulnerability. Frankly, if I had a reliable, repeatable way of cracking into IIS, I'd want a heck of a lot more than an XBox in exchange for that information.

[stylin_geek]

I know I'm going to look at this, simply because we do multi million dollar secure bank transactions where I work. And the sites require IE.

[ShadowAce]

[struggle]

huh...? oh.

[Golden Eagle]

I know a guy that worked as a consultant to Microsoft when they did this for Windows 2000, and that box never got hacked. He said all they did was lock every port but 80 down with IPSec, and shut down every unneccesary service.

Despite what some people will tell you, a fully patched box with proper usernames/passwords implemented is practically impossible to hack, the only way is if you have access to a "zero day" exploit that no one knows about or has had time to develop a defense for. Anybody that has one of those probably isn't going to waste it for an XBOX, unless they really want to try to humiliate Microsoft. But give MS some credit, not only have they already tried this before, and succeeded, they're willing to risk it again.