[iwar] Historical posting


From: Fred Cohen
From: fc@all.net
To: iwar@onelist.com

Mon, Jan 1, 1999


Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id FAA15269 for iwar@onelist.com; Tue, 18 Apr 2000 05:21:43 -0700
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
Reply-To: iwar@egroups.com

The following security advisory is sent to the securiteam mailing
list, and can be found at the SecuriTeam web site:
http://www.securiteam.com

RSA web site defaced
----------------------------------------------------------------------
SUMMARY

RSA is one of the leading cryptographic companies and has been in the
business of protecting Internet and intranet sites by providing
cryptographic protection programs for quite a long time. Now, as the
attacker wrote in the hacked version of the RSA site, "The most trusted
name in E-security has been owned". Unlike the recent DoS attacks, this
attack proves that the attackers had the ability to alter the
information visitors see when viewing the RSA web site.

DETAILS

A mirror of the defaced site can be found at:
http://www.attrition.org/mirror/attrition/2000/02/12/www.rsa.com/

Apparently, the attack was performed by breaking into a high-level
<http://foldoc.doc.ic.ac.uk/foldoc/foldoc.cgi?query=DNS> DNS server,
and replacing the DNS entry of www.rsa.com with a different value that
points to the defaced site. This attack was meant to prove the weakness
of the domain name system as implemented today on the Internet, showing
that even RSA, a well-known establishment and a very security-conscious
company, can be defaced using DNS attacks.


ADDITIONAL INFORMATION

RSA's home page can be found at:
http://www.rsa.com

<http://www.attrition.org/> Attrition keeps (among other things)
mirrors of defaced web sites. It also does very good statistical
measurements of how many web sites were hacked and what operating
systems they used. This information can be found at:
http://www.attrition.org/mirror/attrition/stats.html

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty
of any kind.
In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits
or special damages.

Det. Robert W. Miller
Colorado Internet Crimes Against
Children Task Force
Pueblo High Tech. Crime Unit
Pueblo County Sheriff's Office
909 Court St.
Pueblo, CO. 81003
Tel (719)583-4736
FAX (719)583-4732
mailto:snooker@i...
mailto:cicactf@i...
http://www.co.pueblo.co.us/sheriff/
PGP key available at: http://pgpkeys.mit.edu:11371/
search on snooker@i...