From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Fri, 5 Oct 2001 20:10:37 -0700 (PDT)
Subject: [iwar] [fc:A.Thousand.Defacements.for.the.Price.of.One.]

A Thousand Defacements for the Price of One.
By Andrew Conry-Murray, Network Magazine, 10/5/2001
http://www.networkmagazine.com/

A group of Internet vandals hit the jackpot this August, defacing more than a thousand Web sites with a single intrusion. Experts surmise that the group, which broke into a Solaris server acting as a virtual host to more than a thousand sites, used automated tools to replace the legitimate pages with its own content.

The vandals' coup was short-lived, however. The hosting company, Vital Stream (www.vitalstream.com), detected the attack within minutes. Company administrators "went to a mirrored image and got it up and running right away."

Mass defacements are on the rise, according to Paul Robertson, director of risk assessment for security company TruSecure (www.trusecure.com). He cites three main reasons.

The first is that racking up numbers is a quick way to achieve notoriety in the defacement community. "It's a bunch of kids playing a game," says Robertson. "They want to brag about how many sites they've defaced. It's all about points."

Second, he says the automated scripts that find and exploit server vulnerabilities have improved. Such tools help those with few computer skills to spray digital graffiti.

Third, as Web server efficiency improves, more hosting companies load multiple sites onto one machine to reduce costs. This may increase the chance for a mass defacement.

The Web site www.alldas.de tracks defacements around the world. It provides a variety of statistics for each verified defacement, including URL, server OS, and the group claiming responsibility. Alldas statistics show that Microsoft platforms get hit most often.

Saving Face

Administrators concerned about Web site defacement may want to ask their hosting companies the following questions, says Paul Robertson, director of risk assessment for security company TruSecure (www.trusecure.com).

- Aside from emergency patches, what is your regular maintenance schedule for Web servers?
- Does the hosting company perform integrity checks on the OS and content?
- What are the hosting company's escalation policies and procedures during and after an attack?
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST