[ISN] SCO Web site hack mocks company's legal claims

From: InfoSec News (isn@private)
Date: Mon Nov 29 2004 - 22:50:22 PST


http://www.nwfusion.com/news/2004/1129scowebs.html

By Paul Roberts
IDG News Service
11/29/04

Malicious hackers have compromised The SCO Group's Web page twice in
as many days, posting messages that appear to mock the company's
claims to own parts of the Linux operating system.

On Monday, hackers compromised the site and inserted a banner image
that reads "We own all your code. Pay us all your money." The image
was removed on Monday morning in the U.S., but the incident followed a
similar attack on Sunday.

SCO acknowledged that its Web site "experienced two intrusions by a
malicious hacker that temporarily altered two Web pages." The Lindon,
Utah, company acted quickly to restore the hacked pages and patch a
vulnerability that the hackers used to compromise the site, according
to an e-mail statement from Blake Stowell, the company's public
relations director.

IDG News Service could not confirm the nature of the attack on Sunday,
but open source news Web site Newsforge.com on Sunday claimed that the
SCO site was altered to say that the company would be making
intellectual property claims against Microsoft's software. That hack
displayed the signature "hacked by realloc(," according to
Newsforge.com. The same signature was displayed in the background of
the altered banner image in Monday's attack.

SCO has been a frequent target of online attacks since it filed a
multibillion-dollar lawsuit against IBM in March 2003, charging the
company with misappropriation of trade secrets and unfair competition.  
Among other things, SCO claims that IBM violated SCO's copyright on
Unix System V, which SCO purchased from Novell, by copying elements of
that operating system into Linux, which is distributed for free.

SCO's legal claim to own parts of Linux, and its threats to enforce
its ownership through patent infringement lawsuits against Linux
users, raised the ire of open source enthusiasts. The company's legal
actions are seen as a threat to the spread of Linux, which many
consider a possible rival to the dominance of Microsoft's proprietary
desktop and server operating systems. The lawsuits have prompted
companies, including Novell and HP, to offer customers protection
against copyright infringement suits.

Despite the serial attacks, SCO believes that it addressed security
issues on its site to prevent future intrusions, Stowell said.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Tue Nov 30 2004 - 12:52:48 PST