http://www.harktheherald.com/modules.php?op=modload&name=News&file=article&sid=68932 Rashae Ophus Johnson DAILY HERALD November 16, 2005 It posed more of a nuisance than a security hazard when someone hacked into Provo's city Web site Saturday, but it prompted renewed vigilance in patching vulnerabilities elsewhere on the city network. "We didn't feel like we were much of a target -- why would anyone want to hack into the Provo city Web site?" said Robert Ridge, director of information systems. "Now that it's happened, I guess it's a higher priority than we thought." The city's Web server is not connected to any computers with access to private information such as personnel files, Ridge said. Technology staff traced the breach to an old version of the Samba software program that never was removed from that computer after the city quit using it. When the vendor released notification of a vulnerability and offered a "patch," city technology staff didn't know Samba still lingered on the one server and thus overlooked the warning. Hackers write programs that crawl the Internet, searching for systems with newly publicized vulnerabilities, and one such person -- apparently a subscriber of a high-speed cable provider in Canada -- infiltrated Provo's site Saturday morning. "This is a constant cat-and-mouse game," Ridge said. "It's always a race to whether they find the vulnerability and exploit it first, or we patch it first." The hacker replaced Provo's Web pages with different pages and posted a sarcastic message of something like, "So sorry, you've been hacked." City technology staff spent a few hours reverting the pages back to the originals, and www.provo.org was operating properly again by 4 p.m. Saturday. "It was purely a nuisance. They got no information or other gain. They didn't leave their name so they didn't even get any notoriety," Ridge said. "All they did is deny the people of Provo and the people of the world access to our Web site." Ridge said Provo city's servers don't store much private information beyond some personnel records, but his staff still is scouring the servers for other possible breaches. "This has been kind of a wake-up call, and now we think we know of other things we can do to strengthen our security," Ridge said. With no resulting damage, "I guess in a way they did us a favor in making us be more vigilant." _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Wed Nov 16 2005 - 23:52:10 PST