Great Circle Associates Firewalls
(January 1997)
 


Subject: Re: Air Force Web Site Hacked
From: "Mike O'Connor" <mjo @ dojo . mi . org>
Date: Thu, 2 Jan 1997 11:46:48 -0500 (EST)
To: long-morrow @ CS . YALE . EDU
Cc: Firewalls @ GreatCircle . COM, zeb @ sbbs . se
In-reply-to: <199701021533 . KAA11384 @ SPARKY . CF . CS . YALE . EDU> from "long-morrow @ CS . YALE . EDU" at Jan 2, 97 10:33:39 am
Reply-to: "Mike O'Connor" <mjo @ dojo . mi . org>

:>I'm getting unnerved by the fact that not only
:>have those sites indeed been hacked, but no one
:>seems to be surprised.
:>
:>What techniques were used? To alter the html
:>files, someone obviously managed to achieve
:>file overwrite rights (at the very least).
:
:You'd be surprised at how many NCSA httpd sites are
:still out there which are vulnerable to the attack:
[more about the phf bug]

There's no reason to believe that the compromise to www.af.mil occurred
through any weakness in the WWW server software/machine in particular.  I
just did some cursory checking -- "server.af.mil" is running sendmail
5.59(!) and "ddn.af.mil" is running NFS (no exports list, perhaps a
default portmap though).  And it could always be an inside job...

							...Mike
-- 
 Michael J. O'Connor                                  mjo @ dojo . mi . org
"...and life begins at 40 -- so they promise"                     -John Lennon

