Recent Web site cracks
The recent cracks of the DOJ, CIA and Dole web sites have caused me to think
about just what is going on here.
Do you suppose that these entries were made via the httpd route, maybe via
cgi-bin, or just a straight telnet-type entry to the server? I don't know
what operating systems were involved with these three systems, or even if it
was the same in all cases. I expect that there have been other such break-ins
that we have not heard about.
The speed with which the attacks are made, and the completeness of the hack
seem to indicate that someone knows something.
As a long-time Unix Sys Admin, I am aware that most security holes are due
to piss-poor administration, with a few system holes that may be exploited
by the reasonably sophisticated, but I am not aware of any glaring holes in
the httpd code. I suppose it's stupid of me to think this, but I would have
thought that these three sites, in particular, would have cleaned up their act
in this respect.
I suppose that it is possible that there is a route back, through the browser,
but this doesn't seem very likely, even with a thoroughly hacked, custom browser.
Does anyone have any ideas about these attacks, how and where the entry was
made, which operating systems were involved, etc?
Cheers,
-paul