Information Security News mailing list archives

RE: [defaced-commentary] ISS Defaced


From: InfoSec News <isn () c4i org>
Date: Thu, 8 May 2003 06:00:51 -0500 (CDT)

Forwarded from: The Unknown Security Person...

[With apologies (again) to Murray Langston...  :)  - WK] 

ISS's official stance on the defacement is here:
http://www.informationweek.com/story/showArticle.jhtml?articleID=9600021

Why would a legitimate website be used as a honeypot?

What kind of personal information from students was gathered on this
so-called honeypot?  Is it ethical to host a discussion site for
students "about BlackIce and how they can protect themselves from
hacker attacks" on a honeypot? On a honeypot???  Which is meant to be
insecure?  Which is meant to be cracked?



-----Original Message-----
Date: Mon, 5 May 2003 18:26:49 -0400 (EDT)
From: security curmudgeon <jericho () attrition org>
To: defaced-commentary () attrition org
Subject: [defaced-commentary] ISS Defaced


http://www.zone-h.org/en/news/read/id=2657/

Iss.net webdavized... where is the security?


G00db0y www.zone-h.org admin
05/05/2003

Where is the security if also a site of a big security company is hacked?

Today a very well known security company was defaced using the last webdav
vulnerability. You can find more about this vulnerability here:

http://www.microsoft.com/technet/security/bulletin/ms03-007.asp

Internet Security System (www.iss.net) was not hacked in the main server
but in a secondary site. Everywhere USG hacked them.

The USG team replaced the main page with these words: "ISS Hacked By
ShellCode And rD of USG! F*CK BUSH, BLAIR And SHARON AND F*CK ALL WHO
SUPPORT THE WAR... greetz: DKD, FBH, S4t4n1c_S0uls and all who support
us".

You can see for yourself here:

http://xfiw.iss.net

Mirror here:
http://www.zone-h.org/en/defacements/view/id=258882/






-
ISN is currently hosted by Attrition.org
