European 'safer Internet' site hit by hackers

[InfoSec News <isn () c4i org>]

http://www.computerworld.com/cwi/story/0,1199,NAV47_STO61171,00.html.html

By JORIS EVERS 
IDG NEWS SERVICE 
June 07, 2001 

Hackers embarrassed the European Commission this week by identifying
and exploiting two security holes on a new commission-sponsored Web
site that promotes safer use of the Internet.

One of the holes allowed the hackers to get administrator privileges
on the server that powers the Safer Internet Exchange site, according
to a security analyst who asked not to be identified. The other flaw
involved an e-mail distribution list that was left unsecured, allowing
intruders to retrieve the names and e-mail addresses of the people on
the list.

Tara Morris, project manager for the Web site and a consultant at
Birmingham, England-based Ecotec Research and Consulting Ltd., said
the two holes were both plugged yesterday morning. The incident is
still being investigated, he added, while declining to detail how
deeply the hackers were able to penetrate the affected server.

Morris didn't specify the security flaw that provided access to the
e-mail distribution list, which has about 600 subscribers. He said the
other hole was linked to a known vulnerability in Microsoft Corp.'s
Index Server software, which provides the behind-the-scenes
functionality needed to do searches of Web sites that are powered by
Windows-based servers.

The Safer Internet Exchange site was officially launched last month by
the Brussels-based commission, which functions as the executive body
of the 15-member European Union. The Web site is part of a broad
campaign to make the Internet safer for European citizens and
businesses, and Morris said it's specifically aimed at helping to
eradicate illegal and harmful Internet content.

The disclosure of the security flaws came just one day after the
European Commission said it has started developing an antihacking law
as part of a series of proposals that are meant to increase the level
of information security in the region. Other steps being considered
include the creation of a central virus-fighting unit and increased
cooperation among national computer emergency response teams in
different countries.





ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.