Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Hacker flattens Legoland

From: Berislav Kucan <bhz () NET-SECURITY ORG>
Date: Tue, 12 Sep 2000 00:33:16 GMT
http://www.vnunet.com/News/1110598
(archive - http://net-security.org/misc/sites/www.legoland.co.uk/)

Hacker flattens Legoland
By Jo Ticehurst  [11 Sep 2000]

 Plastic brick theme park Legoland has had its UK website defaced by a
hacker who took advantage of an inadequately secured SQL server.
The front page of the Legoland.co.uk site was replaced on Friday with a
message from the hacker and a picture of a spacecraft made from Lego. The
site was down on Monday morning, but was restored by midday.

The hacker, called Herbless, used the same method to hack several UK
government websites last month. Experts said administrator error rather
than a weakness in SQL server was to blame for leaving the websites open to
attack.

Herbless used the attack to post a rant supporting DVD cracking software.
The DeCSS software allows the decryption and copying of DVDs. Several major
Hollywood film studios last month won their fight to prevent the publishing
of the software by the 2600 hacker magazine and website.

When SQL server is set up there is a simple default password for the SQL
administrator. Unless the system is being used on a trusted network, which
the company owns entirely, Microsoft recommends this password be changed.
In an unchanged configuration hacks can take place.

Matt Tomlinson, business development at security consultancy MIS, said:
"The majority of internet-facing servers running SQL server will be
protected by port filtering and firewalls, exposing access to only HTTP
ports. The wider implications are for those organisations that do not
protect internal servers from internal users.

"Any organisation with any resemblance of an IT security policy will have
changed the default (blank) password and put other protection methods in
place."

In a statement, Legoland confirmed that its website had been compromised.
It said sensitive booking information including credit card details is
hosted on a separate secure server with an established internet bank and
this information was not compromised.

Legoland said the security weakness on its site had been reviewed and
measures taken to ensure that this type of attack could not be repeated.


Berislav Kucan
Help Net Security
http://net-security.org

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: