Return-Path: <sentto-279987-2616-1002028813-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 02 Oct 2001 06:23:24 -0700 (PDT) Received: (qmail 13783 invoked by uid 510); 2 Oct 2001 13:20:22 -0000 Received: from n34.groups.yahoo.com (216.115.96.84) by 204.181.12.215 with SMTP; 2 Oct 2001 13:20:22 -0000 X-eGroups-Return: sentto-279987-2616-1002028813-fc=all.net@returns.onelist.com Received: from [10.1.1.222] by n34.groups.yahoo.com with NNFMP; 02 Oct 2001 13:20:13 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 2 Oct 2001 13:20:13 -0000 Received: (qmail 85575 invoked from network); 2 Oct 2001 13:20:12 -0000 Received: from unknown (10.1.10.142) by 10.1.1.222 with QMQP; 2 Oct 2001 13:20:12 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 2 Oct 2001 13:19:57 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id GAA03655 for iwar@onelist.com; Tue, 2 Oct 2001 06:19:40 -0700 Message-Id: <200110021319.GAA03655@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 2 Oct 2001 06:19:40 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Yahoo.hack.raises.online.security.fear] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Yahoo hack raises online security fear By David Neal, IT Week ZDNet, 10/2/2001 <a href="http://www.zdnet.com/zdnn/stories/news/0,4586,2815654,00.html">http://www.zdnet.com/zdnn/stories/news/0,4586,2815654,00.html> (UK) October 1, 2001 11:58 AM PT A hacker attack on the Yahoo news Web site has raised questions about online security, and highlighted the dangers of leaving content open to manipulation. Late last month, Yahoo admitted that a hacker had substantially altered the content of a news story on its site. The hacker later said that he had amended as many as three other stories over the course of a month. Yahoo was alerted to the attack by security consultancy SecurityFocus. SecurityFocus told Yahoo that the hacker wanted to highlight security weaknesses in the Yahoo system and was not targeting the site for malicious reasons. Companies that rely on content management tools to alert them if text or images on their Web sites have been altered are being advised by experts to consider extra security provisions, to ensure that they do not fall victim to similar attacks. Bryan Richter, vice president and general manager of business content management tools developer Stellent, said, "Firms need to better manage the content on their sites and how that content gets there. Many companies are still vulnerable to rogue information being published, either by malicious intent or by accident, and the risks they run can be enormous." However, content management systems can help to limit the damage such attacks cause. Michael Puhala, content infrastructure strategist at Interwoven, said, "A good content infrastructure strategy separates content creation from Web production. As soon as a violation occurs to content on the live site, the original content can be redeployed to the Web server from the database or content repository." ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:53 PST