Information Security News mailing list archives

Website hacked after nine million attempts

From: William Knowles <wk () C4I ORG>
Date: Thu, 2 Nov 2000 01:18:39 -0600

[Young Mr. Vranesevich must be taking correspondence courses from the
same school that churns out Microsoft spokespeople, Since it was a
little more two days over the thirty minutes that Antionline reports
that it was offline.  -WK]


Andrew Craig
Oct. 31, 2000

The security information site that was hacked into over the weekend
said it was the first successful attack out of nine million previous
attempts.

As reported by vnunet.com on Monday, a hacker known as n1nor broke
into the AntiOnline site, replacing its front page with a messaging
boasting about the attack. AntiOnline is a well known target for
hackers.

AntiOnline has since provided its side of the story in which its
founder, John Vranesevich, said the site was only down for 30 minutes
and none of its research or internal databases were at risk.

"Well, after an estimated nine million hack attempts against our
primary domain, www.AntiOnline.com, someone finally managed to deface
it," Vranesevich said in a message posted on the AntiOnline site.

"We at AntiOnline have enjoyed all that the past nine million hack
attempts have taught us about the nature of system intrusion, and look
forward to what the next nine million has in store for us," he added.

Vranesevich said the vulnerability related to the way its "QuickTips
CGI" parsed data fed to it by end users. "With over 65 different CGIs
that run our network of sites, we neglected to have this single CGI
sub itself to our central parsing scripts which thwart tens of
thousands CGI based attacks each week. In other words, "Oops! My
fault!"."

n1nor, who in the defacement said: "I could have sworn this site was
deemed unhackable," was credited by Vranesevich for cracking
AntiOnline's defences - which security experts have said are usually
very tight.

"The dedication and amount of time that you [n1nor] spent discovering
and exploiting this vulnerability is as impressive as it is
scary," said Vranesevich in his message.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

Current thread:

Website hacked after nine million attempts William Knowles (Nov 03)
- <Possible follow-ups>
- Re: Website hacked after nine million attempts Phillip Renouf (Nov 04)