[ISN] [defaced-commentary] Crimeseeker and eCertifications defaced

From: InfoSec News (isnat_private)
Date: Thu Aug 09 2001 - 04:31:15 PDT

  • Next message: InfoSec News: "[ISN] Paranoid Hollywood Wracked by Hack Attacks"

    ---------- Forwarded message ----------
    Date: Thu, 9 Aug 2001 01:08:21 -0600 (MDT)
    From: security curmudgeon <jerichoat_private>
    To: defaced-commentaryat_private
    Subject: [defaced-commentary] Crimeseeker and eCertifications defaced
    On August 1, 2001, a defacer known as 'ShellCode' compromised a machine
    hosting at least nine web sites. Among these sites were several of
    The first (www.crimeseeker.com) is a public service site designed to
    disseminate information on sex offenders living throughout the United
    States. The compromise of this web sites calls into question the safety
    mechanisms used to keep information on this site secure. What if the
    attackers added random names to the database, perhaps of people they
    dislike. To be wrongfully branded a sex offender could have a devesatating
    affect on your life. 
    The second site (operating on three domains) is that of eCertifications. 
    This site is amusing as one of the certifications they offer is that of
    'Web Security Specialist'. Perhaps they should train and hire their own
    students. =) 
    Sex Offenders Registry
    A National Criminal Information Registry
    This site is providing the following information as a public service. 
    These hypertext links are to sex offender registry and notification sites
    in states where the internet transmission of this information is legal. 
    Only information received from "official" federal, state, county, or
    municipality sites will be placed on this web site. This policy is not
    meant to minimize the work and dedication of otherwise well meaning
    citizens who are trying to help protect their communities. The policy is
    meant to protect the integrity and accuracy of the information you are
    receiving and the rights of all citizens. The law enforcement agency
    responsible for the individual database and/or site is solely responsible
    for the content. We are not responsible and accepts no responsibility for
    the accuracy of the information contained within the "official"  database
    or site accessed by these hypertext links. Any information you may wish to
    rely on should always be verified with the law enforcement agency directly
    responsible for the database/site. 
    www.evalidations.com & www.ecertifications.com
    Enhance your skills, stay competitive and make more money by earning your
    certification from eCertifications.com.
    The following outline describes the content of the Web Security
    eCertification.  To qualify as a Web Security Specialist, you must pass
    the examination with a score of 60% or higher.  To be certified as a
    Master Web Security Specialist you must obtain a score of 75% or higher.
    Mirror of defacement: 
    The information and commentary is Copyright 2001, by the individual author.
    Permission is granted to quote, reprint or redistribute provided the text is not
    altered, and the author and attrition.org is credited. The opinions expressed
    in this mail are not necessarily the opinion of all Attrition staff members.
    Commentary Archive: http://www.attrition.org/security/commentary/
    The Attrition Mirror: http://www.attrition.org/mirror/attrition/
    Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
    Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
    Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html
    Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
    Contacting Attrition Staff: staffat_private
    To subscribe to Defaced Commentary, send mail to majordomoat_private
    with "subscribe defaced-commentary" in the BODY of the mail (without
    quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
    the BODY of the mail.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 06:49:34 PDT