From owner-freebsd-security  Wed Apr 25 15:13:10 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.wlcg.com (mail.wlcg.com [207.226.17.4])
	by hub.freebsd.org (Postfix) with ESMTP id 22DE937B423
	for <freebsd-security@FreeBSD.ORG>; Wed, 25 Apr 2001 15:13:06 -0700 (PDT)
	(envelope-from rsimmons@wlcg.com)
Received: from localhost (rsimmons@localhost)
	by mail.wlcg.com (8.11.3/8.11.3) with ESMTP id f3PMDF834095;
	Wed, 25 Apr 2001 18:13:15 -0400 (EDT)
	(envelope-from rsimmons@wlcg.com)
Date: Wed, 25 Apr 2001 18:13:11 -0400 (EDT)
From: Rob Simmons <rsimmons@wlcg.com>
To: mudman <mudman@R181204.resnet.ucsb.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: defaced websites and the like
In-Reply-To: <Pine.BSF.4.30.0104251453340.9592-100000@R181204.resnet.ucsb.edu>
Message-ID: <Pine.BSF.4.21.0104251810160.30854-100000@mail.wlcg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Most of the sites that are defaced are done so with the smallest of
effort.  Usually sites are updated via ftp.  Just sniff the ftp username
and password and you can violate to your heart's content.

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Wed, 25 Apr 2001, mudman wrote:

> 
> Every now and then you pick up a copy of the newspaper or you are on-line
> reading CNN.com or something and you hear about these "hackers" who broke
> into yada yada's website, or did this or that to NASA or the pentagon.
> 
> Usually the article follows up with something like how they posted
> pornographic material or put some signature onto the site.
> 
> Of course, what they never tell you is what was actually wrong with the
> systems that these things ocurred to (obviously major news sources may
> not be a good idea for getting your security information, hah!).
> 
> Are these kind of attacks on httpd itself (Apache or otherwise) or are
> said "hackers" (heh heh) breaking in through other channels or services?
> 
> Maybe as a good follow up, would using one OS over another OS change
> the risk assessment for this kind of thing? (although I admit this last
> question would take into account a lot of different variables)
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE650v7v8Bofna59hYRAwg7AJ9hsPkJ++0jfB9lmveJSscLIMCq5QCgn2ft
TXS9ul+v5S4uPQ9VxeOL9Dc=
=doFC
-----END PGP SIGNATURE-----



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message