Here are some more rumors. It was not DNS related. It seems Yahoo uses a system where different web browsers are sent to different web servers. Thats why only lynx users (and maybe users of very old version versions of Netscape) saw the page. Only the lynx server was affected. The boxes affected where located in the GlobalCenter data center. They provide web hosting for Yahoo (and some other very large web sites). My informant claims that the attack actually came from behind the firewall via a dialup modem. He claimed that password to a users account on the machines had been compromissed. After the web page was modified all types of automatic bells and whistles went off and they restored from backup in fifteen minutes. You can view a copy of the hacked homepage at http://www.clipper.net/~skully/yahoo/ Notice that the page had a link to http://www.yahoo.com/yahooz-el8-search-engine-src.zip Wonder it the source code for yahoo's search engine was really there and if anyone got to download it ;) Aleph One / aleph1at_private http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:35:27 PDT