Date: Wed, 13 Dec 2000 07:11:23 -0800
Reply-To: Joel Cort <joel_cort@YAHOO.COM>
Sender: Vanagon Mailing List <vanagon@gerry.vanagon.com>
From: Joel Cort <joel_cort@YAHOO.COM>
Subject: Re: Vanagon.com is Hacked!!!
Content-Type: text/plain; charset=us-ascii
Folks,
> The web site had a major security hole and someone walked right up
> and said "boo". We were lucky.
Yup, and someone finally accessed it. Web sites get bombarded by
rogue "war dialers" type programs that look for vulnerabilities from
hackers. They send Telnet, FTP and HTTP requests on all sorts of
ports to see if there is one open for them. I know, we have
Intrusion Detection Systems on the Internet portals at work. About
every 3-5 minutes we get notification that we are getting hit.
> Since the damage was really tiny, this would not
> likely happen.
How does anyone know the extent of the damage? Do we have any logs
on the intruder's activities and steps? Doubt it! We don't know
what else he (or she) has done with our web site. Do we know how
the intrusion occurred? Do we know what exposure and vulnerability is
there?
Has anyone assessed our server and web site for vulnerabilities?
Have we run an electronic scan such as Internet Security Scanner to
discover all of our vulnerabilities? Have the vulnerabilities been
fixed or mitigated?
The answers, my friends, are blowing in the wind....
If one joker out there hacked us he will probably brag or some other
hacker can also find our hole(s) and keep on inflicting us.
The mentality of these hackers is for the prestige of bragging about
it to their moronic friends.
>
> On top of which the intruder has posted an apology, a promise to
> fix the site tomorrow, and the address of the proper Vanagon root page
> (http://www.vanagon.com/indexoriginal.html). Clearly a young man,
> judgment perhaps a bit shaky, but definitely not one of the bad guys.
Anyone who hacks is a bad guy (or gal)!
Make no mistake about it.
Joel Cort
Application Security Architect
Xerox Corporation
and owner of an 89 Syncro Westy