Microsoft has confirmed a vulnerability in its Internet Information Services webserver and spelled out the conditions under which it can be exploited to give an attacker complete control of the server on which it runs.
Remote execution of malicious code can be triggered only in limited cases, and even then, it’s relatively easy to change settings that close that possibility. Even then, exploits can still touch off denial-of-service attacks that completely shut down file transfer protocol.
Proof-of-concept code exploiting the vulnerability was released Monday. Microsoft said it will release a fix as soon as it’s ready.
The vulnerability can be…

Reader [john] finished up his home power monitor over the holiday weekend. It uses a pair of current transducers clamped onto the mains. These output 0-3V and are read by the Arduino’s ADC. The Arduino averages samples over a 20 second period, calculates power used, and uploads it using an Ethernet Shield. The shield can’t do DNS lookups, so he uses a WRT54G to negotiate with the remote webserver. He admits that the system could be more accurate; it can’t detect small loads like wall warts. He also says that money could be saved by talking serial to the…

[ Read the rest of the story in the original article... ]