[3035] in WWW Security List Archive
Re: About "CIA Web Page Hacked"again
daemon@ATHENA.MIT.EDU (Michael Alexander)
Mon Sep 23 11:22:43 1996
Date: Mon, 23 Sep 1996 09:16:38 -0400
To: www-security@ns2.rutgers.edu
From: malex@kersur.net (Michael Alexander)
Errors-To: owner-www-security@ns2.rutgers.edu
At 4:30 PM on 9/22/96, Albert Lunde wrote:
> >
> > Thank you for your information of "CIA Web Page Hacked".
> >
> > Now, in our Japanese security group , that is the only topic
> > of conversation
> >
> > Then I would like to get more information about that.
>
> It seems unlikely that the CIA (or anyone else) will tell
> us how their web page was hacked. Read the CERT and
> CIAC advisories for the past year or two for examples
> of current security issues.
There are a number of sources that deal specifically with Web server
security. Three that I have handy are:
The WWW security FAQ maintained by Lincoln D. Stein
http://www.genome.wi.mit.edu/WWW/faqs/www-security-faq.html
World Wide Web Consortium, W3C at http://www.w3.org/pub/WWW/Security
The Computer Operations, Audit, and Security Technology, Purdue University at
http://www.cs.purdue.edu/coast/coast.html has lots of useful info,
including links to many other security-related FAQs. There is one in
particular, that addresses CGI scripts (maybe the most common way that Web
servers are compromised) that is worth a look.Unfortunately, I don't have
the specific URL handy.
Michael Alexander
malex@kersur.net
"What good are computers? They can only provide answers."
Picasso
