Return-Path: <sentto-279987-3639-1004451203-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 30 Oct 2001 06:14:07 -0800 (PST) Received: (qmail 443 invoked by uid 510); 30 Oct 2001 14:12:41 -0000 Received: from n20.groups.yahoo.com (216.115.96.70) by 204.181.12.215 with SMTP; 30 Oct 2001 14:12:41 -0000 X-eGroups-Return: sentto-279987-3639-1004451203-fc=all.net@returns.onelist.com Received: from [10.1.1.221] by n20.groups.yahoo.com with NNFMP; 30 Oct 2001 14:12:22 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 30 Oct 2001 14:13:23 -0000 Received: (qmail 64330 invoked from network); 30 Oct 2001 14:13:23 -0000 Received: from unknown (10.1.10.142) by 10.1.1.221 with QMQP; 30 Oct 2001 14:13:23 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta3 with SMTP; 30 Oct 2001 14:13:23 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id f9UEDRb17029 for iwar@onelist.com; Tue, 30 Oct 2001 06:13:27 -0800 Message-Id: <200110301413.f9UEDRb17029@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 30 Oct 2001 06:13:26 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Security.Site.Succumbs.Again.To.Hackers] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Security Site Succumbs Again To Hackers By Brian McWilliams, Newsbytes, 10/29/2001 <a href="http://www.newsbytes.com/news/01/171555.html">http://www.newsbytes.com/news/01/171555.html> Proving that hackers can sometimes be masters of irony, a popular security news site has been defaced for the second time this week. Visitors to SecurityNewsPortal.com (SNP) Thursday night were greeted by a statement apparently from Marquis Grove, the non-profit site's operator. The attacker's message, which cleverly mimicked the style and format of an earlier announcement from Grove, said that German hacker-turned-entrepreneur Kim Schmitz had agreed to finance the site. "Soon we will be moving the Web site to his secure, hacker-proof servers (thanks Kim!). We are also hiring a full-time staff of experienced hackers to manage the site and its content, since I am not suited to run such a site. I will manage the business aspects of it, but I will no longer continue to pose as a hacker," said the phony message, which was signed "Marquis Grove, YIHAT Vice President of Marketing." Yihat, which stands for Young Intelligent Hackers Against Terrorism, is the controversial group of international hackers organized by Schmitz with the mission of disrupting the financial networks used by terrorists. The Yihat site at Kill.net, as well as Schmitz's personal site Kimble.org, were recently defaced by a notorious hacking group called Fluffy Bunny. In an e-mail interview, Grove said today that he anticipated the redefacement of SNP because the attackers had both motive and opportunity. "The defacer is probably very upset that his original defacement backfired. I really do not think he expected us to be receiving all those kind offers of support and secure hosting from major security companies and the Universities. It must have truly rotted his socks," said Grove, who is currently on medical leave from his position as director of information security for a large telecommunications firm On Tuesday evening, attackers defaced SNP with a message, apparently signed by Schmitz, accusing SecurityNewsPortal.com of catering to "script kiddies" and accusing the site's operators of being "security scenewhores." Although Grove said he did not believe Schmitz or Yihat were responsible, he responded Tuesday by posting a statement announcing that he would discontinue SNP as a result of the defacement. In an interview after the first attack, Grove said shutting down the site would "prove a point to the defacer and to the security industry." In the wake of the first defacement, Grove reported receiving thousands of e-mails from supporters as well as offers for secure hosting and financial assistance. The company currently hosting SNP, Skyport Hosting Services, obviously failed to take the proper measures to properly secure the system following the first defacement, said Grove. As a result, Grove said he has instructed the firm to shut down the site until they can determine how the attackers are getting in and can secure the server. Grove told Newsbytes he suspects the two defacements are the work of an attacker who calls him Gobbles and who vandalized another security site, New Order, with a similarly ironic message last weekend. While many readers apparently were duped by the first defacement of SNP, few fans of the site are likely to swallow the latest message left by attackers. The defacement implored the media to stop ridiculing the flamboyant Schmitz, who is reportedly near bankruptcy. "This man is an incredible asset to the world right now, and we should not reward his heroism with unkind words concerning his current state of bankruptcy," said the defacer's message. The latest defacement did contain one piece of somewhat factually accurate information, according to Grove. The bogus message promised SNP would be "re-opening" Oct. 31. In fact, while Grove plans to bring the site back in the future, he said he is still considering hosting and financial assistance offers and could not predict how fast those discussions would proceed. A mirror of the latest SNP defacement is at <a href="http://defaced.alldas.de/mirror/2001/10/26/www.securitynewsportal.com">http://defaced.alldas.de/mirror/2001/10/26/www.securitynewsportal.com> . The original defacement is online at <a href="http://defaced.alldas.de/mirror/2001/10/24/www.securitynewsportal.com">http://defaced.alldas.de/mirror/2001/10/24/www.securitynewsportal.com> . ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:58 PST