[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Moscowchannel.com hack
On Sun, 1 Sep 1996 10:09:32 -0500 (CDT), Igor Chudov @ home wrote:
>> > Not really crypto, but related to the DOJ hack in a way.
>> >
>> > Moscow Channel is a pretty slick, Russian news/commentary >>page. Their Web
>> > site was hacked and altered by someone who didn't seem to >>like Russians all
>> > Just a matter of time before some builds a dedicated Satan >>type tool that
>> > scans for HTTP server holes or messed up file permissions >>to make locating
>> > potential victims easy.
>> Write your web site to a CD-ROM and hard-code the base >>directory into the
>> webserver.
>
>A hacker who has root can forcibly unmount the cdrom and mount >another
>directory on that node. Not a good solution.
Hack your system kernel to only allow mounting read-only media to that point.
Most hackers wouldn't try "hot-patching" the system kernel. The ones that can
probably have better things to do than hack your page.
- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <[email protected]> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: [email protected] | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre