Return-Path: <sentto-279987-2559-1001943245-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 01 Oct 2001 06:36:07 -0700 (PDT) Received: (qmail 507 invoked by uid 510); 1 Oct 2001 13:35:36 -0000 Received: from n28.groups.yahoo.com (216.115.96.78) by 204.181.12.215 with SMTP; 1 Oct 2001 13:35:36 -0000 X-eGroups-Return: sentto-279987-2559-1001943245-fc=all.net@returns.onelist.com Received: from [10.1.1.223] by f19.egroups.com with NNFMP; 01 Oct 2001 13:35:27 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 1 Oct 2001 13:34:05 -0000 Received: (qmail 60165 invoked from network); 1 Oct 2001 13:34:02 -0000 Received: from unknown (10.1.10.26) by 10.1.1.223 with QMQP; 1 Oct 2001 13:34:02 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 1 Oct 2001 13:35:24 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id GAA23897 for iwar@onelist.com; Mon, 1 Oct 2001 06:35:24 -0700 Message-Id: <200110011335.GAA23897@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 1 Oct 2001 06:35:23 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:BWI.Airport.website.defaced] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit BWI Airport website defaced Attrition.org, 10/1/2001 In the wake of the WTC/Pentagon attacks, the importance of all types of security is abundantly clear. Many people have questioned the relation of online security after the breakdowns in physical security that contributed to the tragic events on September 11. The defacement of the BWI Airport web site provides just such an example. Visitors to the site are able to easily click to curent flight information. http://www.bwiairport.com/frames/0_arrivals.html After agreeing that the information you see may not be accurate, you are given a nice schedule of flights and their curent status. What if a computr criminal were to make small variations on these schedules. Alter flight times, gates, destinations, or worse, change the status of a flight from 'LANDED' to 'CRASHED'. The sheer panic and resulting mayhem would be a disaster unto itself. These types of attacks (often referred to Subversion of Information attacks) are perhaps the worst imagineable in the realm of web defacements. This is one of the cases where it seems fortunate that the attacker left an obvious defacement instead of something more subtle. Defaced Website: www.bwiairport.com Defaced by: tty0 Mirror: <a href="http://defaced.alldas.de/mirror/2001/09/27/www.bwiairport.com/">http://defaced.alldas.de/mirror/2001/09/27/www.bwiairport.com/> ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:53 PST