[iwar] [fc:BWI.Airport.website.defaced]

From: Fred Cohen (fc@all.net)
Date: 2001-09-29 11:28:50

Next message: Fred Cohen: "[iwar] [fc:Pakistan.Shuts.Down.Islamic.Group]"
Previous message: Fred Cohen: "[iwar] [fc:Taliban.minister.denies.US.troops.capture]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-Id: <200109291828.LAA06631@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Sat, 29 Sep 2001 11:28:50 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:BWI.Airport.website.defaced]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

<a href="http://www.attrition.org/mirror/">http://www.attrition.org/mirror/>

In the wake of the WTC/Pentagon attacks, the importance of all types of
security is abundantly clear.  Many people have questioned the relation
of online security after the breakdowns in physical security that
contributed to the tragic events on September 11.  The defacement of the
BWI Airport web site provides just such an example. 

Visitors to the site are able to easily click to curent flight
information. http://www.bwiairport.com/frames/0_arrivals.html

After agreeing that the information you see may not be accurate, you are
given a nice schedule of flights and their curent status.  What if a
computr criminal were to make small variations on these schedules. 
Alter flight times, gates, destinations, or worse, change the status of
a flight from 'LANDED' to 'CRASHED'.  The sheer panic and resulting
mayhem would be a disaster unto itself.  These types of attacks (often
referred to Subversion of Information attacks) are perhaps the worst
imagineable in the realm of web defacements.  This is one of the cases
where it seems fortunate that the attacker left an obvious defacement
instead of something more subtle. 

Defaced Website: www.bwiairport.com
Defaced by: tty0
Mirror: http://defaced.alldas.de/mirror/2001/09/27/www.bwiairport.com/

-
The information and commentary is Copyright 2001, by the individual author.
Permission is granted to quote, reprint or redistribute provided the text is not
altered, and the author and attrition.org is credited. The opinions expressed
in this mail are not necessarily the opinion of all Attrition staff members.

Commentary Archive: http://www.attrition.org/security/commentary/
The Attrition Mirror: http://www.attrition.org/mirror/attrition/
Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more!
http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Next message: Fred Cohen: "[iwar] [fc:Pakistan.Shuts.Down.Islamic.Group]"
Previous message: Fred Cohen: "[iwar] [fc:Taliban.minister.denies.US.troops.capture]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:52 PDT