[iwar] [fc:Yahoo.hack.raises.online.security.fear]

From: Fred Cohen (fc@all.net)
Date: 2001-10-02 06:19:40


Return-Path: <sentto-279987-2616-1002028813-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 02 Oct 2001 06:23:24 -0700 (PDT)
Received: (qmail 13783 invoked by uid 510); 2 Oct 2001 13:20:22 -0000
Received: from n34.groups.yahoo.com (216.115.96.84) by 204.181.12.215 with SMTP; 2 Oct 2001 13:20:22 -0000
X-eGroups-Return: sentto-279987-2616-1002028813-fc=all.net@returns.onelist.com
Received: from [10.1.1.222] by n34.groups.yahoo.com with NNFMP; 02 Oct 2001 13:20:13 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_4_1); 2 Oct 2001 13:20:13 -0000
Received: (qmail 85575 invoked from network); 2 Oct 2001 13:20:12 -0000
Received: from unknown (10.1.10.142) by 10.1.1.222 with QMQP; 2 Oct 2001 13:20:12 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 2 Oct 2001 13:19:57 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id GAA03655 for iwar@onelist.com; Tue, 2 Oct 2001 06:19:40 -0700
Message-Id: <200110021319.GAA03655@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 2 Oct 2001 06:19:40 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Yahoo.hack.raises.online.security.fear]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Yahoo hack raises online security fear

By David Neal, IT Week ZDNet, 10/2/2001
<a href="http://www.zdnet.com/zdnn/stories/news/0,4586,2815654,00.html">http://www.zdnet.com/zdnn/stories/news/0,4586,2815654,00.html>

(UK) October 1, 2001 11:58 AM PT A hacker attack on the Yahoo news Web
site has raised questions about online security, and highlighted the
dangers of leaving content open to manipulation. 

Late last month, Yahoo admitted that a hacker had substantially altered
the content of a news story on its site.  The hacker later said that he
had amended as many as three other stories over the course of a month. 
Yahoo was alerted to the attack by security consultancy SecurityFocus. 
SecurityFocus told Yahoo that the hacker wanted to highlight security
weaknesses in the Yahoo system and was not targeting the site for
malicious reasons. 

Companies that rely on content management tools to alert them if text or
images on their Web sites have been altered are being advised by experts
to consider extra security provisions, to ensure that they do not fall
victim to similar attacks. 

Bryan Richter, vice president and general manager of business content
management tools developer Stellent, said, "Firms need to better manage
the content on their sites and how that content gets there.  Many
companies are still vulnerable to rogue information being published,
either by malicious intent or by accident, and the risks they run can be
enormous."

However, content management systems can help to limit the damage such
attacks cause.  Michael Puhala, content infrastructure strategist at
Interwoven, said, "A good content infrastructure strategy separates
content creation from Web production.  As soon as a violation occurs to
content on the live site, the original content can be redeployed to the
Web server from the database or content repository."


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more!
http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:53 PST