First, see how Fed and state governments fretted about the purported threat: http://www.cscic.state.ny.us/advisories/july03/7_01.htm http://www.infowarrior.org/rforno/fedcirc-070103.txt Then look at Symantec's statement: >Symantec Security Response has been tracking for any unusual activities >associated with the hacker's Web site defacement challenge by monitoring >activities through the Symantec Security Operations Centers and the >Symantec DeepSight Threat Management System. > >The challenge aims to award the first individual or group to deface 6,000 >Web sites within a six-hour timeframe on July 6, 2003. The deadline for >the challenge was extended to midnight Estonian time. > >Here's a recap of what Symantec's experts have monitored throughout the >day on July 6, 2003: >Although there was a slight increase in Port 80 activities, it was not >statically significant Symantec's security experts continue to see no >sign of any increased Web attack activities. >There have been reports of several hundred Web defacements; however, with >hundreds of Web sites being defaced every day, this number is not significant. And read some of the more critical news coverage from today, reminding us that (surprise) not much of anything happened, and, besides, the premise of the contest was pretty suspicious to begin with: http://www.theregister.co.uk/content/55/31591.html http://washingtontimes.com/business/20030706-104805-7900r.htm http://money.cnn.com/2003/07/06/technology/hacking_contest.reut/ -Declan --- http://www.attrition.org/ Reading the news of late is like witnessing all security issues being reduced to a "Rocking Chair" modality. Everyone's put a helluva lot of energy and effort into this mess, but we are still going nowhere fast! Talking Points for the Media (drafted by several well-known and published security professionals) July 3rd, 2003 * Web attacks occur at all hours of the day and night. If it's convienient to attack, a scriptkiddy will...and they won't announce it. We should be more concerned with the serious attackers who do not broadcast their intentions. * The "prize" is 500 megs of online storage space? I have a decade-old PC with more hard disk space than they're allegedly "awarding" in this contest. Hell, my MP3 player has more than 40 times that amount of storage. Besides, any cracker with a modicum of "skill" could easily amass far more storage using systems they've breached. Finally, who in their right mind would want to risk getting caught for that paltry reward? * Symantec (owner of SecurityFocus) has not issued an alert on this matter; that alone shows how seriously they view this "threat." * Massive attacks on the Internet are like conspiracy theories: those that are predicted don't occur and those that occur were never predicted. To illustrate: in the immediate wake of 9/11/2001, NIPC held a much-publicized forum about looming threats to the Internet. None of that grandstanding did ANYTHING to predict or blunt the impact of Nimda which occurred a mere six days later. The same is true for the massive Distributed Denial of Service (DDoS) that struck 6 of the 13 root servers a few months ago. * Should we be concerned about our system security this weekend? YES! But no more so than any other weekend or workday. There's no excuse for not having properly-configured, secured, and administered systems 24/7/365. Scrambling to patch systems in advance of a "threat" like this is foolhardy and not the way to enact meaningful security. * The guidance issued in the New York Cybersecurity Alert mentioned above is a joke. The recommendations are not anything beyond "good security measures" that should be taken each and every day by competent system administrators. The fact this organization released such generic guidance tells us that people still don't implement lasting IT Security...and if they did, such "threats" of web defacements wouldn't cause the mass hysteria it has over the past several days. 0WN3D BY ISS, B4BY!@#$%^ GR33TZ TO: TR34CH3RY UNL1M1T3D, 1NF0W4RR10R, R3ZN0R::D0T::C0M, UN1XG33KZ, 4TTR1T10N, 4ND 0UR H0M13Z 4T N1PC!@# [Okay, joke's over...] ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 08 2003 - 01:31:51 PDT