[ISN] [defaced-commentary] ATTRITION: Evolution

From: InfoSec News (isnat_private)
Date: Mon May 21 2001 - 06:20:45 PDT

  • Next message: InfoSec News: "[ISN] Eighteen months for 'White Hat' Hacker"

    ---------- Forwarded message ----------
    Date: Mon, 21 May 2001 05:42:44 -0600 (MDT)
    From: security curmudgeon <jerichoat_private>
    To: defaced-commentaryat_private
    Subject: [defaced-commentary] ATTRITION: Evolution
    
    
    ATTRITION: Evolution
    
    Definition
    
    Attrition.org is a non-profit hobby site run by a handful of
    volunteers in their free time. Each staff member at Attrition has a
    day job that takes a considerable amount of time, as well as other
    hobbies, and a social life (despite popular rumor). Over the last two
    years, the site has moved from a few random specialty pages to an
    archive of over seven gigs of diverse material and specialized
    content. With no corporate backing, no income, no 'guidance', no leash
    and no muzzle, Attrition continued to move in a direction that values
    truth and bluntness over sugar coated words and fluff.
    
    Decision
    
    One of the most predominant sections of Attrition has been the
    defacement mirror. What began as a small collection of web site
    defacement mirrors soon turned into a near 24/7 chore of keeping it up
    to date. In the last month, we have experienced single days of
    mirroring over 100 defaced web sites, over three times the total for
    1995 and 1996 combined.  With the rapid increase in web defacement
    activity, there are times when it requires one of us to take mirrors
    for four or five hours straight to catch up. Add to that the scripts
    and utilities needed to keep the mirror updated, statistics generated,
    mail lists maintained, and the time required for basic functionality
    is immense. A "hobby" is supposed to be enjoyable. Maintaining the
    mirror is becoming a thankless chore.
    
    During this time, we have struggled to keep up various other sections
    of Attrition that have been a core part of the site. As the mirror
    grew and began to consume more resources, the other sections have
    found themselves on the backburner and rarely updated. In essence,
    what was once a hobby site run in spare time for fun has turned into a
    beleaguring second job.  A job that comes with more headache,
    complaints, criticisms, slander and attacks than productive output or
    reward. In two years we have turned away countless computer security
    work that could have been fulfilled by a number of us. The abuse and
    ignorance we deal with from defacers and defacement victims is
    staggering, and some of that abuse spills over into actual attacks.  
    Attrition has been taken down more than once by massive denial of
    service attacks which have inconvenienced our generous upstream
    provider, hundreds of other colo customers, and thousands of dialup
    customers, making our job even more difficult.
    
    With that, the mirror will no longer be maintained. We've served our
    time.
    
    Direction
    
    As the mirror itself is phased out, several aspects of the process
    will remain. One of the most useful and practical resources spawned
    from the mirror are the statistics generated. It is our intention to
    continue to perform statistical analysis of defacements by utilizing
    the Alldas mirror. We have already begun sharing incoming defacement
    notifications with them to help facilitate the accurate and consistent
    mirroring of sites as we learn of them. We will also continue to
    provide commentary and articles on high profile defacements,
    significant trends or other activity that warrants attention.
    
    Resurrection and revamping of our Errata section should happen in the
    short term. It has been an oft overlooked resource despite the
    infrequent updates. With security and hackers becoming ever more
    popular with the press outlets, the need for vigilance is growing. It
    is important for members of the security community to be aware of
    journalists and news outlets more interested in flashy headlines and a
    quick buck.
    
    The various subsections of our security page will continue to be
    updated including more guides to implementing security, testing
    security, forensics, incident response and more. No doubt various
    staff members will continue to add to the 'rants' page as time goes
    on.
    
    Several other areas such as the image gallery, music reviews, movie
    reviews, poetry, contests, and the ever popular 'Going Postal' will
    now receive more attention.
    
    Dedication
    
    As more and more hours were dedicated to running the mirror, the
    feeling of burnout crept into a few of us. Despite this, it is our
    intention that we stay dedicated to Attrition and improving it on a
    daily basis. This doesn't mean there will be new visible content on
    the news page every day. It does mean that every day we will be
    working on one aspect of the site or another. Often times this is done
    by answering mail, developing small utilities to help improve the
    quality of administrative life, or something else not visible to the
    web site. We are evolving, bear with us - and we'll continue to
    provide the community with the quality content it's come to expect,
    just in a different package.
    
    
    
    
    -
    The information and commentary is Copyright 2001, by the individual author.
    Permission is granted to quote, reprint or redistribute provided the text is not
    altered, and the author and attrition.org is credited. The opinions expressed
    in this mail are not necessarily the opinion of all Attrition staff members.
    
    Commentary Archive: http://www.attrition.org/security/commentary/
    The Attrition Mirror: http://www.attrition.org/mirror/attrition/
    Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
    Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
    Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html
    
    Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
    Contacting Attrition Staff: staffat_private
    
    To subscribe to Defaced Commentary, send mail to majordomoat_private
    with "subscribe defaced-commentary" in the BODY of the mail (without
    quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
    the BODY of the mail.
    
    
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    



    This archive was generated by hypermail 2b30 : Mon May 21 2001 - 23:05:36 PDT