I'm getting unnerved by the fact that not only have those sites indeed been hacked, but no one seems to be surprised.

What techniques were used? To alter the html files, someone obviously managed to achieve file overwrite rights (at the very least).

If I ran a military/intelligence site for the public, I would think it natural to use a dedicated webserver, with only the servers required to make maintenance feasible running (i.e. no smtp, telnet, etc.). Also, I could think of no reason to allow anything but html sessions from the outside (since it was dedicated).

The level of security problems is often the inverse of the level of flexibility and functionality. In this case it seems to me that the flexibility/functionality can be reduced to a point of mere viewing services, which is why it would be possible to put the files on cdrom (which by the way doesn't help at all if the hacker has gained root access, since he can simply point to another location).

So, did the hacked hosts have ftp daemons running, with the firewall allowing outside access? Telnet? Rsh? Or are there html specific inherent weaknesses (even without java etc.)?

Regards
Sebastian Stache
Lund, Sweden
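The "dedicated webserver, nothing but html from the outside" idea above can be turned into a routine check. The script below is an added example, not code from the post or its author: it reads listener lines in the shape of `netstat -ltn` / `ss -ltn` output (a constructed sample is embedded), and reports every TCP listener outside an allowlist of web ports, so stray ftp, telnet, smtp or rsh daemons are found before the firewall is the only thing standing in front of them. The allowlist, the port-to-name table and the sample are assumptions for the example.

```shell
#!/bin/sh
# Added example: audit a dedicated web server's listening TCP ports against
# an allowlist. Anything not listed is reported so it can be shut down or
# blocked at the firewall. Assumed input format: "proto local-address state".

ALLOWED_PORTS="80 443"   # assumption: only web traffic is expected from outside

# Map a few well-known ports to the service names discussed in the post.
port_name() {
    case "$1" in
        21)  echo ftp ;;
        22)  echo ssh ;;
        23)  echo telnet ;;
        25)  echo smtp ;;
        80)  echo http ;;
        443) echo https ;;
        514) echo rsh ;;
        *)   echo unknown ;;
    esac
}

# Read listener lines on stdin and print one "port name" line for each
# TCP listener whose port is not in ALLOWED_PORTS.
audit_listeners() {
    while read -r proto addr rest; do
        [ "$proto" = "tcp" ] || continue
        port=${addr##*:}                      # strip the "0.0.0.0:" / "*:" prefix
        case " $ALLOWED_PORTS " in
            *" $port "*) continue ;;          # expected web port, nothing to flag
        esac
        echo "$port $(port_name "$port")"
    done
}

# Constructed sample of a poorly stripped-down host: web plus ftp, telnet,
# smtp and rsh all listening on every interface.
SAMPLE_LISTENERS='tcp 0.0.0.0:80 LISTEN
tcp 0.0.0.0:443 LISTEN
tcp 0.0.0.0:21 LISTEN
tcp 0.0.0.0:23 LISTEN
tcp 0.0.0.0:25 LISTEN
tcp 0.0.0.0:514 LISTEN'

run_sample_audit() {
    printf '%s\n' "$SAMPLE_LISTENERS" | audit_listeners
}
```

On a live host, pipe the real listener list in instead of the sample (for example `ss -ltn | awk 'NR>1 {print "tcp", $4, $1}' | audit_listeners`) and treat any output as something to remove or firewall.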