RE: Unusual request

["Schmehl, Paul L" <pauls () utdallas edu>]

Thanks to all who offered suggestions.  I don't know why I couldn't
remember "unicode" when I was googling, but then I've read thousands of
man pages and docs since then, and my mind can only hold so much
information. :-)

What I plan to do is load a box with a default install of IIS and use a
web browser based attack to demonstrate how easily a box can be
compromised when it's unpatched.  (I'll probably just deface a web
page.)  Since the audience will be "normal" users, I expect most of them
to be astounded and incredulous, which is why I wanted to use something
very simple to understand.  If I ran a program through a netcat session,
I suspect many of them wouldn't get it, but if I type a URL into a
browser, I *hope* they will all see that *anyone* could do that, even
with very little knowledge of exploits or security practices.

And before you ask, no the box will not be connected to our LAN.
Otherwise it would get Code Red and Nimda before I could even complete
my demonstration.  :-)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html