Security Incidents mailing list archives

Re: Rash of navy web site defacements

From: "Jay D. Dyson" <jdyson () treachery net>
Date: Thu, 31 May 2001 10:35:30 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 30 May 2001, Dan Schrader wrote:

Browsing the alldas.de defacement mirror I saw that nearly a dozen Navy
and gov web sites were defaced today. 
(http://defaced.alldas.de/defaced.php?archives=current&year=2001&month=05&de
f_day=30) 

Does anyone know what methods were used to deface those sites?


        From the looks of things, all the systems were Windows NT.  Based
on the ease with which IIS is exploited, I'd bet dollars to donuts it was
entirely IIS v4.0 and v5.0 bugs for which advisories and patches have been
around for quite some time now.

        Exploiting IIS isn't simply trivial.  You have to tie a board
across your butt to keep from falling in.

- -Jay

  (    (                                                          _______
  ))   ))   .- "There's always time for a good cup of coffee" -.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) |    = |-'
 `--' `--'  `---- "Get in.  Sit down.  Hold on.  Shut up." ----'  `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBOxZy19CClfiU/BIVAQEe7wQAiueC9F2C9ij3/IwRNYroEbiIUJMNVdzX
2R011RvZIQjywgAO9GiCzFVE6sC06gxyRBtSfqzRcJ3LDVixFQSul3AaJBozzJJm
9kyldkFbdmfuqvnTLYmQoiLOH+/HRD4bGRgdvEGdAro9ql1DBa4XTgjAbAC1+++0
HXdJKQtyfrU=
=eT7q
-----END PGP SIGNATURE-----

Current thread:

Re: Rash of navy web site defacements Jay D. Dyson (May 31)
- <Possible follow-ups>
- RE: Rash of navy web site defacements Andrew Thomas (Jun 01)
- RE: Rash of navy web site defacements Andrew Thomas (Jun 01)
- RE: Rash of navy web site defacements Otto . Dandenell (Jun 02)