[ISN] [defaced-commentary] BWI Airport website defaced

From: InfoSec News (isnat_private)
Date: Mon Oct 01 2001 - 03:12:29 PDT

  • Next message: InfoSec News: "[ISN] CRYPTO-GRAM SPECIAL ISSUE, September 30, 2001"

    ---------- Forwarded message ----------
    Date: Sat, 29 Sep 2001 07:09:41 -0600 (MDT)
    From: security curmudgeon <jerichoat_private>
    To: defaced-commentaryat_private
    Subject: [defaced-commentary] BWI Airport website defaced
    In the wake of the WTC/Pentagon attacks, the importance of all types
    of security is abundantly clear. Many people have questioned the
    relation of online security after the breakdowns in physical security
    that contributed to the tragic events on September 11. The defacement
    of the BWI Airport web site provides just such an example.
    Visitors to the site are able to easily click to curent flight
    information. http://www.bwiairport.com/frames/0_arrivals.html
    After agreeing that the information you see may not be accurate, you
    are given a nice schedule of flights and their curent status. What if
    a computr criminal were to make small variations on these schedules.
    Alter flight times, gates, destinations, or worse, change the status
    of a flight from 'LANDED' to 'CRASHED'. The sheer panic and resulting
    mayhem would be a disaster unto itself. These types of attacks (often
    referred to Subversion of Information attacks) are perhaps the worst
    imagineable in the realm of web defacements. This is one of the cases
    where it seems fortunate that the attacker left an obvious defacement
    instead of something more subtle.
    Defaced Website: www.bwiairport.com
    Defaced by: tty0
    Mirror: http://defaced.alldas.de/mirror/2001/09/27/www.bwiairport.com/
    The information and commentary is Copyright 2001, by the individual author.
    Permission is granted to quote, reprint or redistribute provided the text is not
    altered, and the author and attrition.org is credited. The opinions expressed
    in this mail are not necessarily the opinion of all Attrition staff members.
    Commentary Archive: http://www.attrition.org/security/commentary/
    The Attrition Mirror: http://www.attrition.org/mirror/attrition/
    Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
    Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
    Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html
    Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
    Contacting Attrition Staff: staffat_private
    To subscribe to Defaced Commentary, send mail to majordomoat_private 
    with "subscribe defaced-commentary" in the BODY of the mail (without
    quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
    the BODY of the mail.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Oct 01 2001 - 15:02:08 PDT