Date: Wed, 25 Apr 2001 21:06:21 -0400 From: Alan Clegg <alan@clegg.com> To: mudman <mudman@R181204.resnet.ucsb.edu> Cc: freebsd-security@freebsd.org Subject: Re: defaced websites and the like Message-ID: <20010425210621.C43159@diskfarm.firehouse.net> In-Reply-To: <Pine.BSF.4.30.0104251453340.9592-100000@R181204.resnet.ucsb.edu>; from mudman@R181204.resnet.ucsb.edu on Wed, Apr 25, 2001 at 03:05:10PM -0700 References: <Pine.BSF.4.30.0104251453340.9592-100000@R181204.resnet.ucsb.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Unless the network is lying to me again, mudman said: > Maybe as a good follow up, would using one OS over another OS change > the risk assessment for this kind of thing? (although I admit this last > question would take into account a lot of different variables) I hate to toot my own horn, but... *TOOT* Check out http://www.attrition.org/mirror/attrition/ for a relatively comprehensive list of defacements, including breakdowns (and graphs) by OS, web server type, etc... for example: http://www.attrition.org/mirror/attrition/os.html#APRIL2001 While I'm not part of the attrition team, I do now host their defacement mailing list. To be advised of defacements as they are "snapshotted", send an e-mail to: defaced-l-subscribe@mailinglists.org Each annoucement includes the type of system defaced (OS), web service running (apache, IIS, etc etc), and the "group" that did the defacement. There is also a link back to the attrition mirror so you can see what the defaced page looked like even after the owner 'fixes' the problem. AlanC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010425210621.C43159>