[ISN] [defaced-commentary] Alldas.de Defacement Mirror .. Defaced

From: InfoSec News (isnat_private)
Date: Wed Jun 27 2001 - 01:28:34 PDT

    ---------- Forwarded message ----------
    Date: Wed, 27 Jun 2001 02:15:29 -0600 (MDT)
    From: security curmudgeon <jerichoat_private>
    To: defaced-commentaryat_private
    Subject: [defaced-commentary] Alldas.de Defacement Mirror .. Defaced
    
    
    On Tuesday June 26, 2001, a hacker named 'ThePike' managed to deface
    the European defacement mirror Alldas.de. Visitors to the site saw a
    modified news banner on the left side saying "ALLDAS GOT CRACKED! READ
    IT HERE". The front page was modified to include a small rant/message
    from the defacer regarding current defacement activity. His message
    warned other defacers that "security is not something funny" and
    cautioned would-be defacers about using their scripts to deface
    companies that rely on data security.
    
    For details on the defacement from Alldas:
    See http://www.alldas.de/?doc=news#11
    
    For a mirror and the full text message left:
    http://defaced.alldas.de/mirror/2001/06/26/defaced.alldas.de/
    
    It is interesting to note the number of commands the attacker
    attempted to run and the likelihood that he shared the exploit with
    others. Given the command attempts came from 10 different IP
    addresses, one might wonder about the intentions of the OTHER people
    involved.
    
    Security web site Security.NL was contacted by someone, possibly from
    whiskunde.org, believed by some to be involved in the defacement.
    Security.NL posted an article (in Dutch) about the defacement, as well as
    a mirror and screenshots:
    screenshots: http://www.security.nl/content.php3?page=reactie&id=2099&0
    mirror: http://www.security.nl/misc/alldas.html
    
    Securitywatch article on the incident:
    http://www.securitywatch.com/New/fr_news_0_bugs.html
    
    It is refreshing to see Alldas.de provide details of the incident as
    well as make a mirror available on their site. It is that kind of
    integrity and honesty that is needed in the security community.
    
    
    -
    The information and commentary is Copyright 2001, by the individual author.
    Permission is granted to quote, reprint or redistribute provided the text is not
    altered, and the author and attrition.org is credited. The opinions expressed
    in this mail are not necessarily the opinion of all Attrition staff members.
    
    Commentary Archive: http://www.attrition.org/security/commentary/
    The Attrition Mirror: http://www.attrition.org/mirror/attrition/
    Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
    Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
    Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html
    
    Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
    Contacting Attrition Staff: staffat_private
    
    
    ISN is hosted by SecurityFocus.com
    



    This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 01:31:33 PDT