[3046] in WWW Security List Archive
RE:"CIA Web Page Hacked"
daemon@ATHENA.MIT.EDU (T.Kodera)
Tue Sep 24 10:18:29 1996
Date: Tue, 24 Sep 1996 21:35:00 +0900
From: "T.Kodera" <BZH01572@niftyserve.or.jp>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> >>1. Security Level of CIA server (including webserver)
>
> Sorry, I don't know.
>
> >>2. Why did this accident happen (in the view of technical expert)
>
> Speculation:
>
> 1. Weak service homed on the web server, other than web. For example, sendmail
> (FWIW, I'm not sure the DoJ attack and the CERT/Allman Sendmail announcement
> was coincidental.)
>
> 2. Weak service homed on another host with a trust relationship with the web
> server
>
> 3. Attack on the operating system e.g. Several recent LINUX holes or the
> Solaris holes revealed two or three weeks ago.
>
> Possible but for this attack less likely:
>
> CGI or PERL script hole--less likely only because I saw the CIA site before
> the attack and don't recall any obvious cgi features.
>
> Remote administration of the web server combined with a sniffed password--less
> likely because I doubt the CIA is this foolhardy.
>
> PHF hole--Surely, after all the traffic on this hole recently, you'd have to
> be living in a cave not to have closed this hole.
>
> Insider/former insider/social engineer attack--less likely because of the
> results of the attack, publicity of the Swedish hackers prosecution.
>
> Dave Kennedy [CISSP] Research Team Chief, National Computer Security Assoc.
>
Thank you for your valuable information.
Now I'm checking all of your information.
I'm bad at English, but I will try to read the message.