---------- Forwarded message ---------- Date: Sat, 29 Sep 2001 07:09:41 -0600 (MDT) From: security curmudgeon <jerichoat_private> To: defaced-commentaryat_private Subject: [defaced-commentary] BWI Airport website defaced In the wake of the WTC/Pentagon attacks, the importance of all types of security is abundantly clear. Many people have questioned the relation of online security after the breakdowns in physical security that contributed to the tragic events on September 11. The defacement of the BWI Airport web site provides just such an example. Visitors to the site are able to easily click to curent flight information. http://www.bwiairport.com/frames/0_arrivals.html After agreeing that the information you see may not be accurate, you are given a nice schedule of flights and their curent status. What if a computr criminal were to make small variations on these schedules. Alter flight times, gates, destinations, or worse, change the status of a flight from 'LANDED' to 'CRASHED'. The sheer panic and resulting mayhem would be a disaster unto itself. These types of attacks (often referred to Subversion of Information attacks) are perhaps the worst imagineable in the realm of web defacements. This is one of the cases where it seems fortunate that the attacker left an obvious defacement instead of something more subtle. Defaced Website: www.bwiairport.com Defaced by: tty0 Mirror: http://defaced.alldas.de/mirror/2001/09/27/www.bwiairport.com/ - The information and commentary is Copyright 2001, by the individual author. Permission is granted to quote, reprint or redistribute provided the text is not altered, and the author and attrition.org is credited. The opinions expressed in this mail are not necessarily the opinion of all Attrition staff members. Commentary Archive: http://www.attrition.org/security/commentary/ The Attrition Mirror: http://www.attrition.org/mirror/attrition/ Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html Contacting Attrition Staff: staffat_private To subscribe to Defaced Commentary, send mail to majordomoat_private with "subscribe defaced-commentary" in the BODY of the mail (without quotes). To unsubscribe, include "unsubscribe defaced-commentary" in the BODY of the mail. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Oct 01 2001 - 15:02:08 PDT