[iwar] [fc:BWI.Airport.website.defaced]

From: Fred Cohen (fc@all.net)
Date: 2001-10-01 06:35:23


Return-Path: <sentto-279987-2559-1001943245-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 01 Oct 2001 06:36:07 -0700 (PDT)
Received: (qmail 507 invoked by uid 510); 1 Oct 2001 13:35:36 -0000
Received: from n28.groups.yahoo.com (216.115.96.78) by 204.181.12.215 with SMTP; 1 Oct 2001 13:35:36 -0000
X-eGroups-Return: sentto-279987-2559-1001943245-fc=all.net@returns.onelist.com
Received: from [10.1.1.223] by f19.egroups.com with NNFMP; 01 Oct 2001 13:35:27 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_4_1); 1 Oct 2001 13:34:05 -0000
Received: (qmail 60165 invoked from network); 1 Oct 2001 13:34:02 -0000
Received: from unknown (10.1.10.26) by 10.1.1.223 with QMQP; 1 Oct 2001 13:34:02 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 1 Oct 2001 13:35:24 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id GAA23897 for iwar@onelist.com; Mon, 1 Oct 2001 06:35:24 -0700
Message-Id: <200110011335.GAA23897@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Mon, 1 Oct 2001 06:35:23 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:BWI.Airport.website.defaced]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

BWI Airport website defaced 
Attrition.org, 10/1/2001

In the wake of the WTC/Pentagon attacks, the importance of all types of
security is abundantly clear.  Many people have questioned the relation
of online security after the breakdowns in physical security that
contributed to the tragic events on September 11.  The defacement of the
BWI Airport web site provides just such an example. 

Visitors to the site are able to easily click to curent flight
information. http://www.bwiairport.com/frames/0_arrivals.html

After agreeing that the information you see may not be accurate, you are
given a nice schedule of flights and their curent status.  What if a
computr criminal were to make small variations on these schedules. 
Alter flight times, gates, destinations, or worse, change the status of
a flight from 'LANDED' to 'CRASHED'.  The sheer panic and resulting
mayhem would be a disaster unto itself.  These types of attacks (often
referred to Subversion of Information attacks) are perhaps the worst
imagineable in the realm of web defacements.  This is one of the cases
where it seems fortunate that the attacker left an obvious defacement
instead of something more subtle. 

Defaced Website: www.bwiairport.com Defaced by: tty0 Mirror:
<a href="http://defaced.alldas.de/mirror/2001/09/27/www.bwiairport.com/">http://defaced.alldas.de/mirror/2001/09/27/www.bwiairport.com/>

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more!
http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:53 PST