[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Moscowchannel.com hack
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 1 Sep 1996, Igor Chudov @ home wrote:
> snow wrote:
> > On Sat, 31 Aug 1996, Joel McNamara wrote:
> > > Not really crypto, but related to the DOJ hack in a way.
> > >
> > > Moscow Channel is a pretty slick, Russian news/commentary page. Their Web
> > > site was hacked and altered by someone who didn't seem to like Russians all
> > > Just a matter of time before some builds a dedicated Satan type tool that
> > > scans for HTTP server holes or messed up file permissions to make locating
> > > potential victims easy.
> > Write your web site to a CD-ROM and hard-code the base directory into the
> > webserver.
> A hacker who has root can forcibly unmount the cdrom and mount another
> directory on that node. Not a good solution.
As soon as the sysadmin finds out, said directory can be unmounted and CD-ROM
device can be remounted. Besides, if someone manages to get root access on any
machine, the sysadmin of that machine is basically screwed anyway. It's much
better than having to back up the web page on a tape and having to restore the
data when it is altered.
- -- Mark
PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----