[iwar] [fc:Top.Company.Websites.Are.Hackers'.Dream]

From: Fred Cohen (fc@all.net)
Date: 2001-10-08 07:20:13


To: iwar@onelist.com (Information Warfare Mailing List)

Top Company Websites Are Hackers' Dream 
By James Middleton, Vnunet, 10/8/2001
http://www.antionline.com/showthread.php?threadid=116993

Almost 80 per cent of .com websites could be compromised by hackers,
according to research by DNS software developer Men & Mice.  Ongoing
research has found that a quarter of Fortune 1000 companies were running
servers with vulnerable DNS setups.  This means that around 250
multinational corporates are at risk of losing their websites.  And it's
not just hackers or worms that are the worry: there is no protection
from natural outages either.  If the single network segment housing
their DNS servers fails, the site goes down. 

Despite high profile attacks followed by higher profile warnings and
advisories about configuration and flaws in the Bind software, a
majority of websites still suffer from DNS bugbears. 

Worryingly, the results of the latest Domain Health Survey, from August,
show that 78.96 per cent of 5000 randomly selected internet zones have
incorrect setups. 

Men & Mice found that a majority of errors were caused by
administrators misconfiguring DNS zone setups, causing "lame
delegations". 

Besides leaving security holes in the system, lame delegations can cause
potentially serious problems for web visitors and for delivery of mail. 
If only one of the servers to which the zone is delegated has
authoritative data for the zone, then if that server should become
unavailable, the zone is effectively not locatable from the net.  It
doesn't matter if there are other servers that have authoritative data
for the zone, because they are not listed in the delegation.  The report
noted that although 36.16 per cent of zones block zone transfer, "this
has no effect on the security of the zone data itself, and only provides
security by obscurity," said Men & Mice. 

A high number of vulnerable sites are also those guilty of not applying
patches to fix the serious vulnerabilities found in Bind software back
in January. 

Men & Mice said these unpatched servers could "allow hackers to
steal credit card numbers, hijack websites or redirect email traffic."

Copyright © 2001 VNU Business Online Limited (UK) [All rights reserved]
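
An added example, not part of the article or of Men & Mice's survey, showing how a zone owner could check for the lame delegations and single-segment outages described above. The zone and server names, the sample replies, the test for "authoritative" (AA flag set, NOERROR, at least one answer) and the treatment of a /24 as one network segment are assumptions of this sketch.

```python
import ipaddress, socket, struct

def build_soa_query(zone, qid=0x1234):
    """Non-recursive SOA query for `zone` in DNS wire format."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!6H", qid, 0x0000, 1, 0, 0, 0)   # flags 0: RD off
    return header + qname + struct.pack("!2H", 6, 1)        # QTYPE=SOA, QCLASS=IN

def probe(ip, zone, timeout=3.0):
    """Ask one listed server directly over UDP; None means no reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(zone), (ip, 53))
            return s.recvfrom(4096)[0]
        except OSError:
            return None

def is_authoritative(resp):
    """Reply with QR and AA set, RCODE 0 (NOERROR) and at least one answer."""
    if not resp or len(resp) < 12:
        return False
    _, flags, _, ancount, _, _ = struct.unpack("!6H", resp[:12])
    return bool(flags & 0x8000 and flags & 0x0400) and (flags & 0x000F) == 0 and ancount > 0

def audit_delegation(delegated, replies):
    """delegated: {ns name: IPv4}; replies: {ns name: raw reply bytes or None}."""
    lame = sorted(ns for ns in delegated if not is_authoritative(replies.get(ns)))
    working = sorted(set(delegated) - set(lame))
    # Assumption: servers in the same /24 share one network segment.
    segments = {ipaddress.ip_network(delegated[ns] + "/24", strict=False) for ns in working}
    return {"lame": lame, "working": working,
            "single_point_of_failure": len(segments) <= 1}

def sample_reply(flags, ancount):
    """Constructed 12-byte DNS header standing in for a captured reply."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)

# Constructed sample: hypothetical zone example.com with three delegated servers.
DELEGATED = {"ns1.example.com": "192.0.2.10", "ns2.example.com": "192.0.2.20",
             "ns3.example.net": "198.51.100.5"}
REPLIES = {"ns1.example.com": sample_reply(0x8400, 1),  # authoritative answer
           "ns2.example.com": sample_reply(0x8005, 0),  # REFUSED: listed, not serving
           "ns3.example.net": None}                     # no reply at all

if __name__ == "__main__":
    print(audit_delegation(DELEGATED, REPLIES))
    # Live use: replies = {ns: probe(ip, "example.com") for ns, ip in DELEGATED.items()}
```

In the sample, two of the three listed servers are lame, so the zone depends on a single server even though its delegation names three.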





This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST