[2709] in WWW Security List Archive
Re: DOJ?
daemon@ATHENA.MIT.EDU (Prentiss Riddle)
Tue Aug 20 11:08:01 1996
From: Prentiss Riddle <riddle@is.rice.edu>
To: dmurray@pdssoftware.com, www-security@ns2.rutgers.edu
Date: Tue, 20 Aug 1996 08:15:58 -0500 (CDT)
In-Reply-To: <199608191637.MAA19305@ns2.rutgers.edu> from "David Murray" at Aug 19, 96 12:37:18 pm
Errors-To: owner-www-security@ns2.rutgers.edu
> From: "David Murray" <dmurray@pdssoftware.com>
> To: www-security@ns2.rutgers.edu
> Date: Mon, 19 Aug 1996 12:37:18 -0400
> Subject: DOJ?
>
> What happened to the DOJ over the weekend?
Here's a non-technical summary, from Edupage:
| JUSTICE'S WEB SITE IS INFILTRATED
| The U.S. Justice Dept.'s Web site < http://www.usdoj.gov/ > took on a
| quite different look after crackers broke in this weekend and altered
| the page to include swastikas, obscene pictures and criticism of the
| Communications Decency Act. The site was shut down following the
| discovery Saturday morning; the department expects to reconstruct the
| page and have it running again by Monday, if not before.
| (St. Petersburg Times 18 Aug 96 A12)
Nothing I've heard suggests that there was anything technologically
noteworthy about the breakin. It sounds as though the machine hosting
the DOJ web server may have suffered from a run-of-the-mill security
hole which the crackers were able to exploit. That's purely a guess,
of course.
This does suggest that maintainers of prominent web sites should be
extra-vigilant about base OS security, and keep those backups handy
in case something slips.
-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
-- Opinions expressed are not necessarily those of my employer.
