[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Moscowchannel.com hack



On Sun, 1 Sep 1996 10:09:32 -0500 (CDT), Igor Chudov @ home wrote:

>> > Not really crypto, but related to the DOJ hack in a way.
>> > 
>> > Moscow Channel is a pretty slick, Russian news/commentary >>page.  Their Web
>> > site was hacked and altered by someone who didn't seem to >>like Russians all
>> > Just a matter of time before some builds a dedicated Satan >>type tool that
>> > scans for  HTTP server holes or messed up file permissions >>to make locating
>> > potential victims easy.
>> Write your web site to a CD-ROM and hard-code the base >>directory into the
>> webserver.
>
>A hacker who has root can forcibly unmount the cdrom and mount >another
>directory on that node. Not a good solution.

Hack your system kernel to only allow mounting read-only media to that point. 
Most hackers wouldn't try "hot-patching" the system kernel.  The ones that can
probably have better things to do than hack your page.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <[email protected]> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: [email protected] | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre