Vanagon EuroVan
Previous messageNext messagePrevious in topicNext in topicPrevious by same authorNext by same authorPrevious page (December 2000, week 2)Back to main VANAGON pageJoin or leave VANAGON (or change settings)ReplyPost a new messageSearchProportional fontNon-proportional font
Date:         Wed, 13 Dec 2000 07:11:23 -0800
Reply-To:     Joel Cort <joel_cort@YAHOO.COM>
Sender:       Vanagon Mailing List <vanagon@gerry.vanagon.com>
From:         Joel Cort <joel_cort@YAHOO.COM>
Subject:      Re: Vanagon.com is Hacked!!!
Content-Type: text/plain; charset=us-ascii

Folks,


> The web site had a major security hole and someone walked right up
> and said "boo".  We were lucky.


Yup, and someone finally accessed it.  Web sites get bombarded by
rogue "war dialers" type programs that look for vulnerabilities from
hackers.  They send Telnet, FTP and HTTP requests on all sorts of
ports to see if there is one open for them.  I know, we have
Intrusion Detection Systems on the Internet portals at work. About
every 3-5 minutes we get notification that we are getting hit.




> Since the damage was really tiny, this would not
> likely happen.




How does anyone know the extent of the damage?  Do we have any logs
on the intruder's activities and steps?  Doubt it!  We don't know
what else he (or she) has done with our web site.   Do we know how
the intrusion occured?  Do we know what exposure and vulnerability is
there?
Have anyone assessed our server and web site for vulnerabilities?
Have we run an electronic scan such as Internet Security Scanner to
discover all of our vulnerabilities?  Have the vulnerabilities been
fixed or mitigated?


The answers my friends are blowing in the wind....


If one joker out there hacked us he will probably brag or some other
hacker can also find our hole(s) and keep on inflicting us.


The mentalitiy of these hackers is for the prestige of bragging about
it to their moronic friends.


>
> On top of which the intruder has posted an apology, a promise to
> fix the
> site tomorrow, and the address of the proper Vanagon root page
> (http://www.vanagon.com/indexoriginal.html).  Clearly a young man,
> judgment
> perhaps a bit shaky, but definitely not one of the bad guys.




Any one who hacks is a bad guy (or gal)!
Make no mistake about it.


Joel Cort
Application Security Architect
Xerox Corporation


and owner of an 89 Syncro Westy








__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/
Back to: Top of message | Previous page | Main VANAGON page

Please note - During the past 17 years of operation, several gigabytes of Vanagon mail messages have been archived. Searching the entire collection will take up to five minutes to complete. Please be patient!

Return to the archives @ gerry.vanagon.com

The vanagon mailing list archives are copyright (c) 1994-2011, and may not be reproduced without the express written permission of the list administrators. Posting messages to this mailing list grants a license to the mailing list administrators to reproduce the message in a compilation, either printed or electronic. All compilations will be not-for-profit, with any excess proceeds going to the Vanagon mailing list.

Any profits from list compilations go exclusively towards the management and operation of the Vanagon mailing list and vanagon mailing list web site.