|
|
|
Fireworks, Hot Dogs and Web Defacement This Weekend
By: Larry Seltzer
2003-07-02
Article Rating: / 0
There are 0 user comments on this Web Services, Web 2.0 & SOA story.
Is this really some underground conspiracy or just a bad joke? Hacker contest site is a real Amityville horror.Cast a slightly more skeptical eye this weekend at the Web, as an underground group has scheduled a volume Web site defacement contest for Sunday, July 6. You hear about this sort of attack every now and then, when juveniles put obscene phrases on a company site for political purposes or simple chest-beating.
The opening page to the contest site has links to pages in English and Portuguese, leading some such as iDEFENSE, a security intelligence company in Reston, Va, to speculate that the page author is a Brazilian hacker. iDEFENSE considers this a low-level threat for the moment, at least until theres evidence of a real coordinated effort. So far I havent found a Portuguese speaker to check this point, but I wonder if the Portuguese page is as badly-written as the English page. If the Portuguese is coherent I would agree that the author is likely Brazilian (or Portuguese, but more likely Brazilian where there is an active hacking scene).
The first thing that stands out about the site is the appallingly bad English. I briefly considered that it was so bad that it had to be fake, but Ive actually seen worse from native English speakers, so Ill let it pass. The goals of the contest are, at first glance, frightening: contestants are to shoot for defacing 6,000 Web sites. Various point totals are awarded to site defacements based on the operating system running on it and defacement techniques.
But other things about the site dont necessarily fit with the Brazil scenario. The site is hosted on a US ISP (Affinity Hosting) and registered to an address in Amityville, NY. The administrative contact for the site has an email address in the fan domain of a Hong Kong pop singer. Of course, domain registration information is easily spoofed. (Incidentally, the site appears to have gone down as I am writing. I guess someone finally told Affinity Hosting.)
And when you look carefully at the site and the details of the contest it doesnt pass the laugh test. Theres a reward for the winner: a free Web hosting account with the domain of your choice. How could the winners expect to collect any reward, and why bother with such a paltry one? Other things dont add up. 6,000 sites in 6 hours? That doesnt sound very practical to me, but even if it were: whats with the limit of 6,000 sites? Why would they want to put in a limit? Why does hacking MacOS get your more points than BSD, when MacOS basically is BSD? How would anyone judge who actually hacked what sites?
Even if its a fake contest, its entirely possible that some attackers will take up the challenge to vandalize some sites this weekend, but Im not feeling all that scared at the moment. Years ago there were many of these attacks, but its slowed down, I assume because larger organizations are less likely to use default passwords and employ better firewalls and so on. Nowadays the only way someone could be successful in such a contest would be to hack large numbers of mom and pop sites like flower shops and local restaurants. Wow, you have to be a real tough guy to get away with this. I bet nobody actually shows.
Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.
|
|
�������x}r8qռ�Fsv1E�)%[rey-%L*�EB��%);}}��AKdΝؖ�nt7�F��$I�Ӟc-Jg1;D�{{?&FP|o�+(rdx�9%GtjY�)j�~,sbs:������{#|6�%?w ^�{��j �KԜLxc&lδ e��s`p��,Fm�gM5d{9B �~5;����(CJ��|,Z�="?+BT3�4IEc�$B��LTkr\*J~+Mp}˴M�7;z}R)�v� �?
n84�h;ZCr�yMS!�Esz�}qF�5nx��vtx/o�YHMD_"0QP�dz$�_�S�::yXB�,9"yd��|'rX:,z��dڱ�f1Sd�XIc/Y
��>�'sKrоd>=?ϐ}b)PVU�̠`W:+1㝩S9k<]st.[>9]VcGV=Bg#j�`Bm�iuuUo~=�c�߯CEXCy�Cm0MߑjTȽEf;�|ji�>\tNIN,�-{A���x훨-4Kۗ9K
}1x�yp-FX�,>JAf��k��7
JF�o 3NE �-�uj�vf�(���YKS�70���3�h�K_s;�n�ZK�0�[=RFp�\� Д��a�#x`Ma�b&DJH7�Rҁy�e�
TY��&嗋�m|*(If(;�/3 �BD4?CC���0&pJ\�~�_5
.ÓwawW9Q]�K\M�ޢG�\z�cO�guEW~�?u~]�8J�j�p�X.B2iKB0.p67�j06�V)Ûq **� hS�2e8l�2nб6滟�@uti3c|>9Gm'!|Аd�
mx=Z.s3I��Xn`�&h/qpy4�ڭ�-%_� ><��zN=��=H�}mP`�9�5$&CMߟ�̀��s#08w�ɝ 5�y0�ݻ#i`y1�&���բ� !Tg ,Z�u= }
�wA�,�gs�6GT[LK��x�GN R�P|#sZ(�_�-�2(%EE2��� 4.gP)AH �=k��� ���99y���/E�R
.<���B�I����ڹLX.QY,p[/ �͙JRdYU Q\�9�{DM�f�T`B[/Kቖ&ZlY*)ǪzXc&cS7a �z{@Zgޓi� K0:�ii`2Ґ(e`9�O<�sy�?�4ğN'}Ǻ������35{00�q}@����dufB7g
�ƩOI|��B3<
I8M{luVs]ˤF`*�,q[r�dž�fXi8Õ�=3q
�TfҬt|9厬mT�@~.&](LuΩ�J�J&��k*HX3�j-r< 9:[�ȭ|3nR>��UO%�X�ScX`D~�w�Lzb8uf�m/n$)`�V|�\v��Lg˺V�kͲT]۽/ 7�r@^�օV�(�g�@x#� dlK���kZ
+c:K�_ji��hH*6�@\\1,#��%>D!1~h�/a2(9LpSw{!{jaa�C�_*��rM
}d2jeUQ�ګY3l�d �tA�qF�AbH�栢��[
҆|t�ku:.P�Cϱ.點vo���6�*�||0ː
;u�-
CM5,��&Z��{gm1J�hx=e\�8��XbO`�\F�Czf/.���K�Y{y]ؓ.B�|vn�N ��(|p4'Z>�plZ`/R7uig#�eU�&-w%}���IO5 &^PGe��d�*9-0cY}6aDm6#k� CQ>BtM{�� �\�ipfZ�wAP��i�If~~i~0*L�y�.
o>:F}�`+z\sg�It�о&hʰe�h8`Zzq&�$sD(�Oܧx&\3atSӧטmEw4`D�k ڸ�/�)gpG,�^��t_@?^h#��Q
SK@�PT1"&cK�cPN-I��=�`q0$z_c�K&��O>pӞ�rFVyYB濛?O�YDjZX�Z)�RZfU`s�ϏyO�?�"5T��x�/Oq�8ݩfCӨ7?g!v8h:�ܦ[pC�>�#�\\V`Qa�SƖ=4F�X?`
$̮�$fG`Ó]P)WHF(k1��%*B
Y�sazT�|x
d`3
]lW��1L__CSx�VC89u
O�#%c:Yd:@�ݐkZ(2h:,n`{]�0�>AG5�0�qHG�&{3�E�689��o:+@%5-kW9֊���k[S'sGŕR�
��#n׃13�3b_@��JV,WּӪ�b^
�چH��B�GdD���#`P[v*��w�TkO6�h)�YS!RW�
dĞ�e�eK3Et�ކ'QyϤn[> |j9s#Op�L+ �0�SI�l
x@̬�Gj1m9�7a~���"��(1/j9��`,fqN'� epv�N{�ס9�,�3?tTk���ktx{�Wz�&[�wO4vʭ_MWE�ORD�71�PUL��x�g4sfDcC�fw�P�+'&Gl�E=a,0r&]☺��n>��_e7UE�C?5eqb���E1 w܆cy$
?�S-l8)F::~�ݕDw�{?tZ#RT>Yr 5OGxǀ5�_AwyD�Dyy|���Fke�H�LЇߤe�)��Xwpْ:6?���eB*{f�B�,&8ܯI�Ÿڈ9}dvjZw5ð
]�a��區��UNzA+t:Kߧ5?wL.:m)�ޠw%o= rLp'Bj^t]�$'d�0
szn^'�w�M1k�0fhRdQ��fcxHύ�^�!u
Be\z5g��^|&�֒}UYq!slPh4lꏽ�q�֭
Bf/�3�bB!|Fg<؇APc��{ z�H)'4
�N):�\b/ź$��VB�]Aa2"�(BS.iDO�§,>]79S��j6_�}F/JN�~v�R-[I7Ϯ�:fw4E1vWK0NfAda+F+9ǭZwq@H߉
NAN���|hs_^Y��lm�DK�,Ai8��;=?P.V=w9c9|sc/unW�g4F�HG.{�Ҽ�I�09iJs j�BwGH|9~ſ§ ��
ڝ9�k3rĸ~inԕŞa4tͥV<'i?{¾"CWq��:i)`*9$�Dh�HW{Uw7}� sᔤ˾ȔWN��HX�d1.�P2�vA�Js[gȞ�x~KW�bR���?'��X}&
�~W*];RB6{ZgeQJW=�(qM@j%E(qQ�#{�"F%�t`��o�14�L,*zj6;l539&i� ��N�;x1^4Y��a'AXy� �Vrl8w@rs&�8<��O�$�euw#�S�''Sc3H`GDA3}缩g6A� jm3�Z0\9f�X��W+;�IFܱ�So-*ߟ?�1v�Z7�{cE�|3̔
un��p*/9ߙ?�����P�?�M{fr+���7�~=fɸ�!E'͖�x�LM>_�'h�k4᭰�LgL^(�V�a.z/z�{�_p��K6�P
�Lcx@.DWMIOM'玏g@M(f><<2Qo�[
(D.S��^s�䭯Z)=
wɯ0PO!Ff1b;RF�F"1v}�%�pT�d @nŎ�D\�NK|2����3 V+�vat�9�n�]iN��J_o�'��?��Y�렳$*�f=ϝ{i,�OYM4Ŕ�T�d 'pr�c $
6cCvށM�#�h��$0즍7
tYC�/�HmH�jYt]<�g,ǧ�0��GJgv"3pKz�D1?;"It�H"�\H!f��!kODz27IH�IحrrUAwWT$&�&"&�lgg�
4A9H�#��p뇾wTzxT3
S?�~��P$�(qC? �(a@ �}1ۮ� ���;Tڊ�%
)�zlS\
��u f<� ul\QJr�qq:��LE�p��8mw��*mk7sZg ux#3�6Hl�6%V`�R\-*��P�B��;�
�P�z�!�٥Pݔ]. <��0#k�g͉-X!kd�D38&JxU«2bU�ny�!ڏx썭��&0`JEʜ3(T�EN
Z���hR-U�5�)$`�
%�NTG+ YQQ;)/V�)�MLjv-�>�
,�ؖ���A��E�,Lc�,&QB:~_=-B2zcJۮ USު=;oueΤS���WO�@Ja��[S��� H���l(�}1戇8ogc7w`�;0X)o�st80Yܯ*N��%'XVXJ>�?v��ɰLZ2)0>"P��L%BzVXm0NȆxf*]EV��L"ش�ˇ�] �[D:�`�fX]
_:Ѽ[i2Ic>tH���'l��ǒtMm$��Rfg4v!O=.U.Ur*Y|oA'ت`q<{3_6g[۹1/K/L|#J46|qC~)}-~Q_�=uf���(ꮌ( �!k�k�_5BA S}�(>�s Bw6dWb;X�Ϊb�
ǹbvj{K� �2|`��^q<(Yc�,�� ��A`�#�� !��{Ow$K�%�;Tڐ}jϸԱǞ >ut�/7{]پӬ9IJ��ZT��OG��W f 8Fb3d��v���d�Qc�t83m3�dcHDa>�OhHD3�\,뛤�D�/㮶#ŷzn7ut<#hmmM�4F{�mYï^矑
�MT*^��u
j1��ߤ�<^m_uױ��(:_+{�+A]�1{tѥT
JY^�Y_ͮ�ŖyI���c�~�P2H3@84kIY'֜�[IHc�c;w:PGT1̭,�Odns�j�YUhxT[ݷ8Y��_�iY$yT�1����%1Y#�Ћg��sd�su��QxY~\�o�o;*x(x�]=G?,~�@�(�
x��}�-�Ҫ=W5p��+� Zi2
Im��)u[>1^�xIPu�/
:ä>&L&SG4�R\0�y� :&M-n�#o-O?'.C#�YXcJ:�Ǐ{Qg9s��w�@¤�t'O3~�D2E��%����~[Bt�04�L��w�D=O#�7'jK�E�k)'>?�EW `j6^g3��nb(zZ��*VM �BA����l)ȁ.bRrWVc3�V�<~܋R�m�8Q{Rr,}r@�&z>�cW�F�%5z�J�0?!,qHn"9IF~��lƅqmśx
�Kq�=b�t£'5̈G�bo=!ɣKOk&p���b��<�u3��i<1E�7�Zz{sx"(^��龢;]颀S�'찔71tY������{ӡ[Kx6_j���~��R.gI*
�qzJd�j�ŷQ;^�}5UR!qy�{�>=DB`z�E3֑:�M#jX0okы.�.��K&�c�2Jta|XKG�V$(�c�X�azYT��b8���|}P���qUc\o7�Z�W�w�^ڨ]�LG�Ÿ��_��^ˉHګk6&K7 'iљ��Hۡ蚛[.н"%զ�*>#Ծ3=F�ju)�0̢&�h�ͬͱ-�
Մlk�va|�D�uv�7H)�kf�K2A�+R`o)HHuT�߉�f�FܞVk�Pk`�Šx]h%!MF(xltix*�(;��S/�;���n�JYVmIr/�.�kh�>a�y�
)V>5eqb+/>B2<�mWC�W|�Ym[�Њp;�o�ɀ�`(8N⠑pA>po2zUT�*ՃZ~j8jNɻ�d�>�M��x\Lґu
���m;A=~dDLROw
-�#�Y��R`]7�˽�}�D['鍀�C"Thb#3���^(
`�P�0\'6��~hv.e��}�Ȉep樯Md�Ya#o�Me�VQh0v$ֳT@� C�OwE)�d^y�»'_A1(J� Q7 L_J.Jge��E�t�0��_�#��?B5�)%nmn$|�s�^1�Xh0u�s�<*�ʅk�+�X<6s�we~q��-� 3�ZgkR>ɖàzUQ�pV#ߛ�i�Sg0Y�lKlݜ�(�8����Z1I(tC�K/H�xzsb^[ �z~�Jb+
zwj꾌���B�h),f,�
U�> MꚂOJ�$B�w|.OOz99·e�2�=M蕴B������9I͑1;�*Yw40u�>�1�};�1h^]]|"gk$g68^wfw~6%¶V-�J-ݟV9>>u.WםAqfz0�cQlB[d�_T
ΓQ�9lvNS�ʙ٢ksY+rK��x5�"
/g%�qx&X0a'�:G(%^ٌ/!�bҋSi�0/L̠�uW��t��?{ʼnt,3]r��Z���uR�*'
Y0�8���SD~}: v�ԼVxy�xQ�g�e_C&pj3�彌r�Р(?g@��Pa}y'8/rN+��g:�NFsOPi}�Ȁ�]1>]�w�}��}�����v3�e2�ˏP1�3�(By7�2c|/O1�`F9e@2O�K/C\�\e�Կʨ
s?}�g?��dW(u}����?f�~�3�A�(*��h&��Ku1�Ay3CΚWpzz;�9(/�'�RȪ_�y*%YF!g賊���+F/_+ʠsk3�
Я!�ߧodnldֹ:
aq�+�7׳jᙗfZk
Ǹjuv�ņ^_B��BU$X2T���
s hxVyd�R�
byeo?+* wOʻϝ)i҇�j.�{%])w[O'i��kr(%s<2g!�h{U2̉�h�#�{"̵抁@D1�K�AF0w��QF }^f>��.?
fVA�t{r��]tK�n
�̖w'[W�/:)7=MԽ>�.nmG;yh#U]2"X�;Yo�)P/\�& Oݡσf�ţu>�xZLxe8ޢD�);F�yk@�xw_�j�nAm�{} `/�ë6{hg"di�A>gA7gn"�g�B8#�0�d��<䤟]cMx�;wM-=�� �nhNiBGm �?MX*f�uؑ:ɹT)jP߅J\ܓ.[ 〈�ctj*��YI0jE9,��P�K=#
��.M3^�&�5ϡ'N�!�3pC>&J=F�@ P��c�ztb其Q7?F�+c*>V7�/E5/*��{_۱�B�c�v��J�,4�W�{3ЫD@.^Is#+m^5:tp�6
߄^0,ٵ&"m"�V��t�
�Z<6T�b�b�rс:9N.c˃a.yBR~��X5R��~�Y�F�E`PMC?yO%
�_�)��Gh1_����n�f>��ԃ`ƨxcRHML _b
�3S�1'x�>ݹ��`SDƠ}Q^�i2#7"9�S*aѡ(Y�%"1x�1<��&Ѱ+ÆaAoN[�)#,|HVSPsXf@-N��-N*y+f[��BUm�k#�1,uyƠ#)�e
kk"�tZзkdY9Hr&z�U h$.6=j"6��:
gCbB��mo뭻N+0\d�~\g;Tl[�7C���`+�$k�W�?}�[D=$~1|o,Cgc��.ւ�_M}з�ǁ/�MzKVo7j���(&\`ьJq[+XAG�*9�K7"i½oPm�
B���0wK�{�
, ��CQ6�`�>�Lݖ�".\�읙f�e约1cbV!qme�F���e[� qgkc'p�G�!Mvq5)f�zc�<��z�w`7@#>Ƌ�rd{KooW�ԕU`7g�~"�V����CA6V\K>b�(Q|�Ӽ�|ax7=L_d%�\!dj��@FC0!6���ZY},�KE�%&(Xp\� ktk9Q�-�9���B<�oc3��+owt%(�om+�;Ѝ5i�ϰ1igNb�kc/�φŀ��{̾1��Yf#1ثu!}đ��YX&�7IV�/kti�(�aa�ɗX�I*'\`��b@Xqɩ8T5�.KwbA��<]�fs鈇T34[;�<;�O�5{�hT*ቋoڝw烣�ŧu��,M'{�.[R@ђ�[4��!wl:/=={`ol��sg�|�oU��AtM^P+j5�Nb�j|�ۊX�#iQg�rYO�R}{ol'�uE^8�%܆mJƨPs̥D/4^JBL�ͦG(ϗ �wE&l�)vsml-�6�C-�{�);'���
|
Web Services, Web 2.0 & SOA 
