There is been a lot of uncertainty regarding the Yahoo hack. A lot of people belive it was a hoax. Well today there is an article on the San Joe Mercuriy on the subject. "Hackers leave Yahoo digital ransom note" (http://spyglass1.sjmercury.com/premium/business/docs/yahoo10.htm with paid subscription) has little technical detail behind the hack. They do quoet Diane Hunt, a spokeswoman for the company, stating that the mesage was up for only 10 to 15 minutes and that they "immidiately took action to see the extent of the damage and moved to correct it". So it seems it was real after all. There is also been a lot of questions on the feasibility of transmitting a computer virus via web browsing. The writter had the good luck of talking to Jonathan Wheat at the NCSA that is clueful enough to state that such attacks are at least possible given the rather large number of security vulnerabilities found in web browsers but its unlikely in this case if the quality of the message left on the web page is any indication of hackers technical abilities. Of curse then he goes on quoting Jammon Campbell, also at NCSA, that sticks his foot in his month by saying "that's pretty much ridiculous". The real question, that will probably remain unanwsered, is what was the hole? The top choise on the list is DNS chache poissoning to redirect Yahoo's homepage to some other web server, but that does not mix well with the statement that Yahoo was able to fix the problem after they realized what was going on. Aleph One / aleph1at_private http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:35:19 PDT