http://www.newsbytes.com/news/02/175103.html By Brian McWilliams, Newsbytes BOULDER, COLORADO, U.S.A., 11 Mar 2002, 10:45 AM CST A group calling itself "Hackers for Eddie Murphy" posted a ransom note Sunday on the front door of the Web site operated by Colorado-based rock band The String Cheese Incident. According to the defacement, which appeared to be a tongue-in-cheek hoax, the hackers demanded a payment of $1 million for the return of the site's servers "to their normal state of well being." The attackers' message, which was still viewable this morning, said they would use the money to "jump start" production of "Beverly Hills Cop 4," another sequel to Murphy's 1984 movie. "Beverly Hills Cop 3" was released in 1994. The String Cheese Incident (SCI) is a group of former ski bums that has become Colorado's favorite band, according to the Stringcheeseincident.com Web site. The group's music is reminiscent of that of the Grateful Dead. SCI representatives were not immediately available for comment. The defacement instructed SCI site operators simply to leave the million dollars "at the corner of the Oak and Fifth" but did not specify the city. The attackers did not leave any contact information. The Web site, which appeared to be hosted by a Boulder-based Internet service provider named Indra's Net, is running the Apache Web server on the Red Hat Linux operating system. The Stringcheeseincident.com server appeared to be using a vulnerable version of the WU-FTPD file transfer program. According to a November 2001 advisory from the Computer Emergency Response Team, WU-FTPD version 2.6.1 contains a security hole that could allow remote attackers to take control of the server. Aside from the main page, the rest of the SCI site pages appeared untouched. An online ticketing section, as well as a merchandise area, appeared to be hosted on separate servers. The SCI site was the first defacement by Hackers for Eddie Murphy, according to records maintained by the Alldas defacement archive. The String Cheese Incident site is at http://www.stringcheeseincident.com A mirror of the SCI defacement is at http://defaced.alldas.org/mirror/2002/03/10/www.stringcheeseincident.com/ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Mar 12 2002 - 01:52:03 PST