From owner-freebsd-security Wed Apr 25 14:59: 5 2001 Delivered-To: freebsd-security@freebsd.org Received: from R181204.resnet.ucsb.edu (R181204.resnet.ucsb.edu [128.111.181.204]) by hub.freebsd.org (Postfix) with ESMTP id 012C737B423 for ; Wed, 25 Apr 2001 14:59:02 -0700 (PDT) (envelope-from mudman@R181204.resnet.ucsb.edu) Received: from localhost (mudman@localhost) by R181204.resnet.ucsb.edu (8.11.1/8.11.1) with ESMTP id f3PM5A809607 for ; Wed, 25 Apr 2001 15:05:10 -0700 (PDT) (envelope-from mudman@R181204.resnet.ucsb.edu) Date: Wed, 25 Apr 2001 15:05:10 -0700 (PDT) From: mudman To: Subject: defaced websites and the like Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Every now and then you pick up a copy of the newspaper or you are on-line reading CNN.com or something and you hear about these "hackers" who broke into yada yada's website, or did this or that to NASA or the pentagon. Usually the article follows up with something like how they posted pornographic material or put some signature onto the site. Of course, what they never tell you is what was actually wrong with the systems that these things ocurred to (obviously major news sources may not be a good idea for getting your security information, hah!). Are these kind of attacks on httpd itself (Apache or otherwise) or are said "hackers" (heh heh) breaking in through other channels or services? Maybe as a good follow up, would using one OS over another OS change the risk assessment for this kind of thing? (although I admit this last question would take into account a lot of different variables) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message