[iwar] [fc:A.Thousand.Defacements.for.the.Price.of.One.]

From: Fred Cohen (fc@all.net)
Date: 2001-10-05 20:10:37



A Thousand Defacements for the Price of One.
By Andrew Conry-Murray, Network Magazine, 10/5/2001
http://www.networkmagazine.com/

A group of Internet vandals hit the jackpot this August, defacing more
than a thousand Web sites with a single intrusion. Experts surmise that
the group, which broke into a Solaris server acting as a virtual host to
more than a thousand sites, used automated tools to replace the
legitimate pages with its own content.

The vandals' coup was short-lived, however. The hosting company, Vital
Stream (www.vitalstream.com), detected the attack within minutes.
Company administrators "went to a mirrored image and got it up and
running right away."

Mass defacements are on the rise, according to Paul Robertson, director
of risk assessment for security company TruSecure (www.trusecure.com).
He cites three main reasons. The first is that racking up numbers is a
quick way to achieve notoriety in the defacement community. "It's a
bunch of kids playing a game," says Robertson. "They want to brag about
how many sites they've defaced. It's all about points."

Second, he says the automated scripts that find and exploit server
vulnerabilities have improved. Such tools help those with few computer
skills to spray digital graffiti.

Third, as Web server efficiency improves, more hosting companies load
multiple sites onto one machine to reduce costs. This may increase the
chance for a mass defacement.

The Web site www.alldas.de tracks defacements around the world. It
provides a variety of statistics for each verified defacement, including
URL, server OS, and the group claiming responsibility. Alldas statistics
show that Microsoft platforms get hit most often.

Saving Face

Administrators concerned about Web site defacement may want to ask their
hosting companies the following questions, says Paul Robertson, director
of risk assessment for security company TruSecure (www.trusecure.com).

- Aside from emergency patches, what is your regular maintenance
  schedule for Web servers?
- Does the hosting company perform integrity checks on the OS and
  content?
- What are the hosting company's escalation policies and procedures
  during and after an attack?



------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST