Return-Path: <sentto-279987-2777-1002550814-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 08 Oct 2001 07:21:08 -0700 (PDT) Received: (qmail 13143 invoked by uid 510); 8 Oct 2001 14:20:15 -0000 Received: from n31.groups.yahoo.com (216.115.96.81) by 204.181.12.215 with SMTP; 8 Oct 2001 14:20:15 -0000 X-eGroups-Return: sentto-279987-2777-1002550814-fc=all.net@returns.onelist.com Received: from [10.1.4.54] by n31.groups.yahoo.com with NNFMP; 08 Oct 2001 14:20:19 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 8 Oct 2001 14:20:14 -0000 Received: (qmail 12538 invoked from network); 8 Oct 2001 14:20:13 -0000 Received: from unknown (10.1.10.142) by l8.egroups.com with QMQP; 8 Oct 2001 14:20:13 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 8 Oct 2001 14:20:13 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id HAA10958 for iwar@onelist.com; Mon, 8 Oct 2001 07:20:13 -0700 Message-Id: <200110081420.HAA10958@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 8 Oct 2001 07:20:13 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Top.Company.Websites.Are.Hackers'.Dream] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit Top Company Websites Are Hackers' Dream By James Middleton, Vnunet, 10/8/2001 <a href="http://www.antionline.com/showthread.php?threadid=116993">http://www.antionline.com/showthread.php?threadid=116993> Almost 80 per cent of .com websites could be compromised by hackers, according to research by DNS software developer Men & Mice. Ongoing research has found that a quarter of Fortune 1000 companies were running servers with vulnerable DNS setups. This means that around 250 multinational corporates are at risk of losing their websites. And it's not just hackers or worms that are the worry: there is no protection from natural outages either. If the single network segment housing their DNS servers fails, the site goes down. Despite high profile attacks followed by higher profile warnings and advisories about configuration and flaws in the Bind software, a majority of websites still suffer from DNS bugbears. Worryingly, the results of the latest Domain Health Survey, from August, shows that 78.96 per cent of 5000 randomly selected internet zones have incorrect setups. Men & Mice found that a majority of errors were caused by administrators misconfiguring DNS zone setups, causing "lame delegations". Despite leaving security holes in the system, lame delegations can cause potentially serious problems for web visitors and for delivery of mail. If only one of the servers to which the zone is delegated has authoritative data for the zone, then if that server should become unavailable, the zone is effectively not locatable from the net. It doesn't matter if there are other servers that have authoritative data for the zone, because they are not listed in the delegation. The report noted that although 36.16 per cent of zones block zone transfer, "this has no effect on the security of the zone data itself, and only provides security by obscurity," said Men & Mice. A high number of vulnerable sites are also those guilty of not applying patches to fix the serious vulnerabilities found in Bind software back in January. Men & Mice said these unpatched servers could "allow hackers to steal credit card numbers, hijack websites or redirect email traffic." Copyright © 2001 VNU Business Online Limited (UK) [All rights reserved] ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST