Return-Path: <sentto-279987-4405-1012405066-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 30 Jan 2002 07:41:08 -0800 (PST) Received: (qmail 15283 invoked by uid 510); 30 Jan 2002 15:37:32 -0000 Received: from n10.groups.yahoo.com (216.115.96.60) by all.net with SMTP; 30 Jan 2002 15:37:32 -0000 X-eGroups-Return: sentto-279987-4405-1012405066-fc=all.net@returns.groups.yahoo.com Received: from [216.115.97.189] by n10.groups.yahoo.com with NNFMP; 30 Jan 2002 15:37:47 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_1_3); 30 Jan 2002 15:37:45 -0000 Received: (qmail 48912 invoked from network); 30 Jan 2002 15:37:45 -0000 Received: from unknown (216.115.97.172) by m3.grp.snv.yahoo.com with QMQP; 30 Jan 2002 15:37:45 -0000 Received: from unknown (HELO red.all.net) (12.232.72.98) by mta2.grp.snv.yahoo.com with SMTP; 30 Jan 2002 15:37:45 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g0UFcoh32756 for iwar@onelist.com; Wed, 30 Jan 2002 07:38:50 -0800 Message-Id: <200201301538.g0UFcoh32756@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 30 Jan 2002 07:38:50 -0800 (PST) Subject: [iwar] [fc:Washington.Post's.Tech.site.hacked] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit <a href="http://www.washingtonpost.com/wp-dyn/articles/A51403-2002Jan28.html">http://www.washingtonpost.com/wp-dyn/articles/A51403-2002Jan28.html> By Nicholas Johnston Washington Post Staff Writer Tuesday, January 29, 2002; Page E05 Computer hackers attacked the Web site Washtech.com yesterday evening, replacing content on the news site's home page with taunts to the site's administrators and greetings to fellow hackers. The attack occurred around 6 p.m., and the bogus content on the home page was visible for about 20 minutes before administrators could shut the site down. As of last night, officials at Washtech, a Web site for technology news that operates alongside washingtonpost.com, did not know how the attack was conducted or when the Web site would be back online. At about 8:20 p.m., the main page of Washtech was rudimentarily rebuilt with a few headlines and links. "As soon as we learned about it, we took the site down," said Valerie Voci, Washtech's publisher. "We're still assessing what the security breach was." The Washington Post's main news site, washingtonpost.com, runs on separate computers from the Washtech site and was not affected by the attack, Voci said. Both Web sites are run by Washingtonpost.Newsweek Interactive, the Internet arm of The Washington Post Co. "It's a dangerous neighborhood out there," said Alan Paller, director of research at the SANS Institute, an Internet security research and education organization in Bethesda. "There are certain attacks that nobody can block. . . . If your people aren't absolutely, all the time on the latest patches, you're going to get hit." The message on the Web site included names tied to a group known as aCid fAlz Group. The group's Web site said the group defaces Web pages only as a means of exposing security holes in server software. It does this by changing a site's index file, the first page displayed on a site. That was the file altered on the Washtech Web site. E-mails sent to members of the group were not returned; a phone number listed for the administrator of the aCid fAlz Web site was not in service. Under the National Information Infrastructure Protection Act of 1996, unauthorized access of a computer that results in damages in excess of $5,000 can result in a fine or imprisonment of up to five years. A recent study found there were 52,658 network security breaches last year. Another study found that 41 percent of companies surveyed by a local Internet security firm reported a security breach that compromised their computer system. "This happens on the Internet," Voci said. "Unfortunately it's happened to us." ------------------------ Yahoo! Groups Sponsor ---------------------~--> Sponsored by VeriSign - The Value of Trust When building an e-commerce site, you want to start with a secure foundation. Learn how with VeriSign's FREE Guide. http://us.click.yahoo.com/oCuuSA/XdiDAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST