[defaced-commentary] BWI Airport website defaced

[InfoSec News <isn () c4i org>]

---------- Forwarded message ----------
Date: Sat, 29 Sep 2001 07:09:41 -0600 (MDT)
From: security curmudgeon <jericho () attrition org>
To: defaced-commentary () attrition org
Subject: [defaced-commentary] BWI Airport website defaced


In the wake of the WTC/Pentagon attacks, the importance of all types
of security is abundantly clear. Many people have questioned the
relation of online security after the breakdowns in physical security
that contributed to the tragic events on September 11. The defacement
of the BWI Airport web site provides just such an example.

Visitors to the site are able to easily click to curent flight
information. http://www.bwiairport.com/frames/0_arrivals.html

After agreeing that the information you see may not be accurate, you
are given a nice schedule of flights and their curent status. What if
a computr criminal were to make small variations on these schedules.
Alter flight times, gates, destinations, or worse, change the status
of a flight from 'LANDED' to 'CRASHED'. The sheer panic and resulting
mayhem would be a disaster unto itself. These types of attacks (often
referred to Subversion of Information attacks) are perhaps the worst
imagineable in the realm of web defacements. This is one of the cases
where it seems fortunate that the attacker left an obvious defacement
instead of something more subtle.

Defaced Website: www.bwiairport.com
Defaced by: tty0
Mirror: http://defaced.alldas.de/mirror/2001/09/27/www.bwiairport.com/



-
The information and commentary is Copyright 2001, by the individual author.
Permission is granted to quote, reprint or redistribute provided the text is not
altered, and the author and attrition.org is credited. The opinions expressed
in this mail are not necessarily the opinion of all Attrition staff members.

Commentary Archive: http://www.attrition.org/security/commentary/
The Attrition Mirror: http://www.attrition.org/mirror/attrition/
Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html

Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
Contacting Attrition Staff: staff () attrition org

To subscribe to Defaced Commentary, send mail to majordomo () attrition org 
with "subscribe defaced-commentary" in the BODY of the mail (without
quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
the BODY of the mail.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.