From owner-freebsd-security Wed Apr 25 18: 2:23 2001 Delivered-To: freebsd-security@freebsd.org Received: from firehouse.net (rdu26-60-051.nc.rr.com [66.26.60.51]) by hub.freebsd.org (Postfix) with SMTP id E79CD37B423 for ; Wed, 25 Apr 2001 18:02:19 -0700 (PDT) (envelope-from abc@firehouse.net) Received: (qmail 48531 invoked by uid 1000); 26 Apr 2001 01:06:21 -0000 Date: Wed, 25 Apr 2001 21:06:21 -0400 From: Alan Clegg To: mudman Cc: freebsd-security@freebsd.org Subject: Re: defaced websites and the like Message-ID: <20010425210621.C43159@diskfarm.firehouse.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: ; from mudman@R181204.resnet.ucsb.edu on Wed, Apr 25, 2001 at 03:05:10PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Unless the network is lying to me again, mudman said: > Maybe as a good follow up, would using one OS over another OS change > the risk assessment for this kind of thing? (although I admit this last > question would take into account a lot of different variables) I hate to toot my own horn, but... *TOOT* Check out http://www.attrition.org/mirror/attrition/ for a relatively comprehensive list of defacements, including breakdowns (and graphs) by OS, web server type, etc... for example: http://www.attrition.org/mirror/attrition/os.html#APRIL2001 While I'm not part of the attrition team, I do now host their defacement mailing list. To be advised of defacements as they are "snapshotted", send an e-mail to: defaced-l-subscribe@mailinglists.org Each annoucement includes the type of system defaced (OS), web service running (apache, IIS, etc etc), and the "group" that did the defacement. There is also a link back to the attrition mirror so you can see what the defaced page looked like even after the owner 'fixes' the problem. AlanC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message