Return-Path: <sentto-279987-2515-1001788132-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Sat, 29 Sep 2001 11:30:07 -0700 (PDT) Received: (qmail 9362 invoked by uid 510); 29 Sep 2001 18:29:05 -0000 Received: from n18.groups.yahoo.com (216.115.96.68) by 204.181.12.215 with SMTP; 29 Sep 2001 18:29:05 -0000 X-eGroups-Return: sentto-279987-2515-1001788132-fc=all.net@returns.onelist.com Received: from [10.1.4.54] by mr.egroups.com with NNFMP; 29 Sep 2001 18:28:52 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 29 Sep 2001 18:28:52 -0000 Received: (qmail 60114 invoked from network); 29 Sep 2001 18:28:51 -0000 Received: from unknown (10.1.10.26) by l8.egroups.com with QMQP; 29 Sep 2001 18:28:51 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 29 Sep 2001 18:28:51 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id LAA06631 for iwar@onelist.com; Sat, 29 Sep 2001 11:28:51 -0700 Message-Id: <200109291828.LAA06631@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sat, 29 Sep 2001 11:28:50 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:BWI.Airport.website.defaced] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit <a href="http://www.attrition.org/mirror/">http://www.attrition.org/mirror/> In the wake of the WTC/Pentagon attacks, the importance of all types of security is abundantly clear. Many people have questioned the relation of online security after the breakdowns in physical security that contributed to the tragic events on September 11. The defacement of the BWI Airport web site provides just such an example. Visitors to the site are able to easily click to curent flight information. http://www.bwiairport.com/frames/0_arrivals.html After agreeing that the information you see may not be accurate, you are given a nice schedule of flights and their curent status. What if a computr criminal were to make small variations on these schedules. Alter flight times, gates, destinations, or worse, change the status of a flight from 'LANDED' to 'CRASHED'. The sheer panic and resulting mayhem would be a disaster unto itself. These types of attacks (often referred to Subversion of Information attacks) are perhaps the worst imagineable in the realm of web defacements. This is one of the cases where it seems fortunate that the attacker left an obvious defacement instead of something more subtle. Defaced Website: www.bwiairport.com Defaced by: tty0 Mirror: http://defaced.alldas.de/mirror/2001/09/27/www.bwiairport.com/ - The information and commentary is Copyright 2001, by the individual author. Permission is granted to quote, reprint or redistribute provided the text is not altered, and the author and attrition.org is credited. The opinions expressed in this mail are not necessarily the opinion of all Attrition staff members. Commentary Archive: http://www.attrition.org/security/commentary/ The Attrition Mirror: http://www.attrition.org/mirror/attrition/ Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:52 PDT