July 6th - Website Defacement Day?

pabl0 writes "According to an article from SFGate.com (San Francisco Chronicle), a challenge has been posted, inviting web-site defacers to alter the content of as many web sites as possible on July 6th, with an apparent limit of 6,000 websites per contestant. Looks like this would be a good time to make sure all those web-server security patches are applied!"

If /.'ed

[Bitwick]

Alternate Link for Article: http://www.msnbc.com/news/934055.asp?vts=070220031 125

Re:If /.'ed

yes, use microsoft update now.

Re:If /.'ed

[Bitwick]

Alternate Link

Re:If /.'ed

[SuperDuG]

From the article ...

"The FBI is taking this very seriously," FBI spokesman Bill Murray said. "Hacking is a crime and those who participate in this activity will be investigated and brought to justice."

Hell yeah!! Remember how vindictive he was trying to get that damned gopher in Caddy Shack?

Re:If /.'ed

[willis]

Probably because it seems unlikely that the sf chronicle (a major newsource) is going to be slashdotted. It's like saying the NY Times is going to be. I'd guess that some mod took this as playing for Karma.

Re:If /.'ed

[yourmom16]

I never understood the slashdot effect. How can a bunchh of slashdotters bring a system to its knees when they dont even RTFA?

Re:If /.'ed

[Alsee]

Bill Murray
Remember how vindictive he was trying to get that damned gopher in Caddy Shack?

OMG! That pesky gopher defaced the FBI website!

-

Re:If /.'ed

[Ignorant+Aardvark]

I never understood the slashdot effect. How can a bunchh of slashdotters bring a system to its knees when they dont even RTFA?

Some of them use that 5X speed web browser which automatically caches everything the page you're looking at links to. Well that's the only explanation I can think of.

Re:If /.'ed

[mrselfdestrukt]

Some of us just click the link and scan the first line to pretend that we RTFA.
* I WONDER if the SCO website will be targeted...*

Oh yeah, BTW: In Soviet Russia girls look like you as well!

Re:If /.'ed

What kind of web sites will be the target?

I remember when my web site was hacked, and it wasn't funny. However, the group that hacked it were stupid, I caught them talking about it in a chatroom with a dozen witnesses and with IP tracking; they gave me the password to get to my account again. I should of reported them, oh well.

I just don't understand why illegal hackers target people who haven't done a thing to them... is it funny to ruin what possibly may be someone's only enjoyment (making a web site)?????

I'm no pro at this stuff since I don't run my own server and since I've never read much about it, but sometimes it just seems so... so... strange why people would do this kind of stuff. Do they have mental problems or just plain sick minds? :(

Fill me in...

frosty piss

Yes, let's put this article on Slashdot, so a few million would be hackers can go ahead and deface a couple of hundred websites apiece.

What the hell is wrong with you? This kind of coverage only causes trouble.

Hacking into servers and defacing websites is illegal, whether you like it or not. Doing things like this costs PEOPLE money.

And don't argue back with that "well Microsoft deserves to be defaced" bullshit argument, or anything of the sort. They don't deserve it anymore than you do.

Now watch me get modded down by all the haxx0r n00bz0rz with mod points.

Re:frosty piss

[wiggys]

On the other hand you could argue that by posting this on Slashdot it will receive huge worldwide attention, and as the article suggested now would be a great time to patch your web server.

It's a bit like Mischief Night in the UK - I don't like it, but I don't bury my head in the sand and pretend people will forget about it. Instead I take precautions - move the car out of the way, make sure my windows and doors are locked and keep the cats in. It doesn't hurt to have a security test now and then.

Re:frosty piss

Uh, dude, Slashot isn't the BBC. This grabs the attention of the would be problem makers than it does anybody else.

Re:frosty piss

[wiggys]

Well *I* now know about it, and I haven't noticed in on the BBC yet. Maybe now it's been on Slashdot it WILL be reported by the BBC.

Re:frosty piss

You are not an important person. That's the point.

Re:frosty piss

Doing things like this costs PEOPLE money. I will be much in demand, with the greatest biz plan in slashdot history. 1. rm -f index.html 2. cp index.html.old index.html 3. rm -f index.html.old 4. Profit

Re:frosty piss

Mischief Night? Never heard of it!

Sure it isn't just people purposefully making you paranoid?

Re:frosty piss

[commodoresloat]

It also grabs the attention of a lot more people who are in a position to patch web servers than the BBC.

Re:frosty piss

[squiggleslash]

Personally, as someone who maintains a fairly substantial web project for his employer and whose system administrators are abnormally overworked at the moment, I'd like to know something like this is about to happen so I can keep an eye out that day just in case there's something we've missed.

If there's a large amount of cr/hacking going on, I'd like to know ahead of time so I can make preparations.

Re:frosty piss

[PaulK]

So what exactly are you advocating here?

Censorship?

Or, could it be, that you are assuming that /.'ers are no more than script kiddies?

Personally, I appreciate this information. I can now ensure that my networks are fully prepared, and monitored during the event.

I'd rather view this as a PSA.

I'd bet that any cracker that intends to participate, already knows about this.

Re:frosty piss

[zaphod_es]

Yes, let's put this article on Slashdot, so a few million would be hackers can go ahead and deface a couple of hundred websites apiece.

Shurely shome mishtake here. No Slashdotter would ever wear a black hat! Wash your mouth out with soap!

Re:frosty piss

[HexRei]

Bullshit. If anything, this will SAVE companies money in the long run. You think its BETTER for a web server to sit there with unpatched security exploits, waiting for a truly malicious hacker to do something nasty to the server like zombify it, than for some joker to deface it, and in doing so alert the administrators to the presence of the hole (hopefully closing it?
Any company should be able to swiftly and easily restore their site from backups. If they don't have backups, they are STUPID and DESERVE what they get.
It's technological darwinism, curtailing harmless hackers just helps loopholes survive for malicious hackers to exploit. Security flaws should be pointed out and if it takes a rude awakening like a website redesign, then so be it.
Better than having your box end up participating in a worldwide DOS a year or two down the line.

Re:frosty piss

go hackers ! hack starbucks. hack staples. hack, hack, hack :)

Re:frosty piss

[Traa]

heh, and here I thought that posting a link to a 'news' article about 'stuff' that 'nerds' do was rather exactly what slashdot was all about.

Slashdot doesn't set a moral standard. The posters/moderators/community does.

Slashdot provides room for debates about these sort of articles. Feel free to debate the moral soundness of the topic of the article if you feel that inclination. Hint's like 'defacing websites is illegal' are probably a good thing for those readers that hadn't picked up on that fact yet though.

Re:frosty piss

[dasmegabyte]

Who does it cost money? Only people who overreact. Most defacers tell you how they got in and save your data. Patch it, shame yourself, and resurrect your site. This isn't fucking rocket science.

Of course, if you believe the pundits, every second a popular website is down they lose millions. Bullshit. My supermarket closes for an hour at midnight every night for computer inventory. If I want to eat, this doesn't make me any less hungry. I wait until 1:15, then bike over.

Re:frosty piss

If there's a large amount of cr/hacking going on, I'd like to know ahead of time so I can make preparations.

Preparations? You mean like installing all those patches and updates and locking down those open ports? In other words, stuff you should have done allready anyway?
Makes me think of when the slammer hit and the patch for the exploit was months old already...

Re:frosty piss

[stefanlasiewski]

so a few million would be hackers can go ahead and deface a couple of hundred websites apiece.

Hopefully this article will also be read by a few million would be admins, who will then patch their servers in preparation for the day.

Re:frosty piss

[squiggleslash]

No, like keep an eye out incase there's something we missed, or there's an attack using an exploit that hasn't got a fix yet.

You're of the opinion "security" is just a matter of keeping up to date with patches are you?

Re:frosty piss

What the hell is wrong with you? This kind of coverage only causes trouble.


This is so funny on so many different levels.
Well then, Roger Ramjet, what exactly is allowable content in the newspapers and websites? All Rush, all the time!!!

Re:frosty piss

[TopShelf]

Well, for one thing, it helps to serve as a warning to the many sysadmins around here to make sure the hatches are battoned down...

Just posting a story doesn't imply an advocation for defacement.

Re:frosty piss

[MrLint]

*ahem* not that i condone this kind of activity, however if the announcement itself get at least a few lazy ass hack webmasters to move and do their damned jobs, then so be it.

Re:frosty piss

[caferace]

Personally, I appreciate this information. I can now ensure that my networks are fully prepared...

I for one would like to thank you for finally getting around to doing your job.

Re:frosty piss

[Proudrooster]

This is the exact correct place to put it. Thousands of SysAdmins read Slashdot and now know that they had double check their security or risk embarassment on July 6th.

Also, I have heard rumblings of yet another MS worm run scheduled to run rampant over the 4th of July holiday weekend. (Prepare for pager meltdown MS and network admins.)

I totally appreciate the heads up. In fact I did an external port scan of my Class B today and found out that the firewall monkeys had opened incoming ftp from anywhere to key servers. If it wasn't for this new threat I probably wouldn't have bothered to rattle the door knobs before the holiday.

I'd say that everyone has fair warning. Make sure your backups are up to date and that you don't have any easily hackable services exposed. Now the only question is, "Who will be embarrassed?"

Remember folks, it's not just about defacing, it's about defacing creatively.

~ Ha]<0R D00D

Re:frosty piss

[nacs]

As a webmaster, I'd much rather know this in advance so I can be prepared than be caught off guard.

Now I know that I should tar.gz up my root web directory on July 5th--just in case.

Re:frosty piss

Now watch me get modded down by all the haxx0r n00bz0rz with mod points

I wish people would stop saying this, it only enocourages mods to mod up, but that's why people continue to do this. It's simple: a person rants and says, "ok mod me down now" or something similar, and they're modded way up. It's karma whoring pure and simple.

And it usually works every time. Sad.

Re:frosty piss

[PaulK]

"I for one would like to thank you for finally getting around to doing your job."

My first reaction, (well, really my second. I DID hafta pick myself up of the floor first(rofl)), is to point out that there is no one who wouldn't double, triple, and quadruple check everything with forknowledge such as this.

I, like most of my peers, stay on top of security.

Thanks for the laugh!

Re:frosty piss

[Jugalator]

I still believe it's better to have a website "defaced" than having it hacked by some group of hackers with more evil intentions than replacing the front page with "boohoo you suck". If a website can easily be defaced, they have a problem. Sure, they might see it as bad PR since the world get to see that "this company has a problem with security". But I'm not getting that worked up over that part.

Re:frosty piss

now would be a great time to patch your web server

If your server is running BlowSoft then just hold hands and prey.

Re:frosty piss

[Vann_v2]

I can only imagine that everyone who wanted to know about this already did, so this coverage here on Slashdot only serves to inform people who didn't know. Most of those people will be the ones with the web servers that need protecting.

At the very least you have to admit that as many on both sides will find out about July 6th because of this article, rather than only h4x0r5.

Re:frosty piss

[Zeddicus_Z]

With all due respect, your point of view is absolutely wrong.

Website defacements cost companies real money. It may or may not be in the oft-quoted "millions" mark, but it is certainly a non-trivial figure.

For the benefit of those not in the SysAdmin/ITAdmin/Computer Security industries, I'll give you a quick rundown as to WHY they cost money.

• First and foremost, there's staff time used up in detecting, evaluating, responding to and cleaning up the actual defacement. This is not just a case of re-uploading the web content! Defacements are security breaches, and as such the machine is treated as compromised. There's meetings with management, co-workers, other interested parties (business partners etc) to establish such things as immediate effect, immediate course of action, whether to perform forensics, potential compromise to other systems etc. Reload and reinstall the system, go through the rest of your security logs (IDS, Firewall logs etc) with a fine tooth comb because the attacker JUST MIGHT have used his higher privileges on the web server to sniff out other avenues inside your network. This task of tracking down what access an attacker had, and what they did with it, can be a huge time sink (and thus a huge money sink)
  
• Cost in terms of PR. This is intangible as it deals with the affects on a company's good name and reputation. This can often be estimated quite highly, and can run into the *thousands* of man hours for complicated network scenarios
  
• Potential lost business through downtime of services. This is another area where estimates can be quite high. Sure, not every person who hit your website during the downtime would have bought something, but that's not at issue. What's at issue is that that could have bought something, had the service been available. It's called Opportunity Cost, and website defacements of commercial sites have a high opportunity cost.
  
• Regardless of whether the website defacer contacts you with details on how the achieved the attack and what they modified (which, incidentally, they usually do not. Web defacements are usually the work of bored skiddiots), you must treat the incident as a full-blown compromise, at least until you've performed enough analysis to determine that no other systems are suspicious. When you work as an Admin for a living, you do not bet your company's money on the trustworthiness of a 16 year old skiddiot (whom, lets face it, wouldn't have sunk as low as an ISS/Apache sploit if they were at all trustworthy in the first place).
  

Any form of system compromise is a major incident. Even compromises of Bastion hosts, which we expect to be compromised at some point, cost businesses money. Your opinion stems from ignorance of the issues involved and is exactly the sort of opinion most skiddiots have - although that doesn't make you one.

Re:frosty piss

[Zeddicus_Z]

Sorry, the "*thousands of man hours*" comment should have been attached to bullet-point #1, not the PR point.

Re:frosty piss

[pod]

Who does it cost money? Only people who overreact. Most defacers tell you how they got in and save your data. Patch it, shame yourself, and resurrect your site. This isn't fucking rocket science.

Uh-huh... and you will believe them because they've proven themselves to be such trustworthy individuals. They'd never trojan anything or sneak in a backdoor. Oh no, never.

Re:frosty piss

[Jardine]

Of course, if you believe the pundits, every second a popular website is down they lose millions

I do tech support for a website hosting company. If a server goes does and a customer notices, they'll call and bitch and moan about how it's costing them thousands of dollars. I love to point out these sites to my coworkers once the panic is over and see what their website involves. Usually it's some little puny site which doesn't make thousands of dollars in a year, let alone a few minutes.

If a website actually made a company thousands or millions per day, then they should be able to afford to setup multiple dedicated servers and pay an admin or two to keep them up.

Re:frosty piss

[JebusIsLord]

I think this is a good, well-publicised reason for sysadmins to get off their asses and patch their servers.

The people who get hit by this are NOT going to be people running the latest updates.

Re:frosty piss

[d3faultus3r]

They're warning us about something that could affect us adversely. An unintended consequence is more crackers learning about it. You claim that it's better to be unprepared and have slightly less attacks happening than to actually be ready and have a few more attacks to worry about.

Re:frosty piss

[bbtom]

Password changing, backups, and just checking that you haven't done an 'oopsie' (everyone does occasionally, even the leetest of the leet make mistakes).

Personally, I'll probably grab some backups of the SQL db, change my root passwords, take a few bits offline for a day or two (unimportant stuff that's barely worked on)

Re:frosty piss

And for those of us who are in the sys admin / it industry, I'll post a quick translation...

- You first need to ASK the PHB whether to sort it out or not.
- Then you need to ASK the PHB whether to check the logs or not.
- Then the marketing droids need to work out a way of sweetening it up for customers (eg. "it wasn't a hack, it was a autonomous network security vulnerabilities check performed by a third party")
- Then you all sit on bean bags and wonder - if the sysadmin did his job quicker (maybe if he didn't have to have staff 'consultations' every 5 minutes), how much less it would have cost the company.

Finally you track down the son-of-a-bitch who decided to use ISS and give him a 'concrete kimono' and drop him in the local river!!

Re:frosty piss

[nolife]

What the hell is wrong with you? This kind of coverage only causes trouble.

Sorry, but as many of the commercial vendors would like you to believe, security through obscurity does not work. It only serves to protect a business's reputation, not the products or the people using the products they produce.

Re:frosty piss

[jafiwam]

Yeah?

Well guess what. They put the thing out there before I was hired and put a bunch of twitchy-clueless web hosting customers on it.

I got a new set of servers, got to design how it all works, all patched and good and ready to go. Know what I am waiting for? Server brackets. The boss's dad is makin em in his garage. Until then, I can't put the new ones up in the rack.

Then I get to migrate all of them-there sites to the shiney new servers and answer stupid phone calls to explain how DNS works, and explain how their ISP proxy server is fucking broken.

You think any of this is my choice? (Aside from the shiney new stuff.) Think anybody is going to stop and think "Gee, this might be patched tomorrow and it won't be a threat to anybody as a zombie then!" Nope. They won't think at all.

Your justification for web site defacement sucks. You might as well ass-rape your sister cuz she's not wearing a chastity belt. If I run across your mom, you'd better hope I don't use the same logic you do.

It's not Darwinism, it's vandalism.

I agree that there are a lot of lousy sysadmins out there, causing lots of problems by letting their machines get hacked. But you should think about how you think things should go a little bit. Maybe it would be better if you concentrated on educating those around you how to set up a web site properly, hmm?

(As for me, I hope the Spanish-speaking nitwits organizing this end up in Colombian-Federal-pound-you-in-the-ass Prison. They deserve it.)

Re:frosty piss

[koko775]

it's wrong, but once the damage is done, people will realize how insecure the internet is and how secure it can be. They can pester MS for patches and wait it out, whatever they want. I don't support this, but sometimes a jump backward results in two forward.

Re:frosty piss

[countvlad]

No one "deserves" to get hacked and have their website vandalized. That's like saying anyone who doesn't have The Club in their car deserves to have their car broken into because they haven't taken the time to properly secure their car.

Here's a concept: Instead of holding a "how many people can you hurt by hacking their website" contest, have a "how many webservers can you fix because the admins are lazy" contest. That's a lot less malicious than hacking some family or small business website who haven't done anything to deserve this. How would you feel if I came into your house through that door you forgot to lock and smashed something important to you, then left a card saying that because you forgot to lock your door, you deserved what you got?


Don't even equate this to "technological darwinism" because it is anything but -- people are doing this to be assholes, not for survival. And any asshole script kiddie who does this kind of shit truly deserves to have the FBI knock down his door and drag his stupid ass off to prison.

Your post isn't insightful. It just shows how stupid people justify their stupid (and sometimes illegal) actions.

Re:frosty piss

[Brad+Mace]

Ok, I have to ask: Frosty piss?

Re:frosty piss

[Penguinshit]

I thought "frosty piss" was an Australian slang for cold beer...?

Re:frosty piss

Also, Slashdot is the 4th place i've seen this story reported on, so it's not really a secret.

Re:frosty piss

[outsider007]

If a website actually made a company thousands or millions per day, then they should be able to afford to setup multiple dedicated servers and pay an admin or two to keep them up.

I work for a company where a day of downtime costs a thousand dollars roughly. That doesn't mean the company is necessarily profitable because many bills need to be paid. Multiple servers and extra admins would put us in the red, but that doesn't mean that the losses aren't real.

Re:frosty piss

[darien]

It's a hilarious corruption of "first post."

Re:frosty piss

"Mischief Night in the UK"

WTF?

I'm in my third decade on this planet in the balmy midlands and I have never heard of this.

OD (In disguise)

Re:frosty piss

[Shimbo]

Also, I have heard rumblings of yet another MS worm run scheduled to run rampant over the 4th of July holiday weekend.

So if you're sysadmin on an alien spacecraft, get patching now!

Re:frosty piss

[minus9]

"Who does it cost money? Only people who overreact. Most defacers tell you how they got in and save your data. Patch it, shame yourself, and resurrect your site. This isn't fucking rocket science."

So you implicitly trust some little shit who's just hacked your web site when he tells you what he's done? A complete rebuild is the only option unless you really want to host a new irc/warez/ddos server.

Re:frosty piss

He must be a Microsoft victim. All he can do is wait for a patch so he has something to do for a week.

Re:frosty piss

Hack 2600. Hack /. Anonymous code. Hack Mountain Dew bottlers. Hack major Internet carrier facil ie opsadf9u&* SOCKET LOST

Re:frosty piss

You don't think any company which hires a PR person isn't spending thousands of dollars, if not thousands of man hours? (And any company which then needs to run ads is indeed using thousands of man hours)

I'll let you scale it down. Think of your favorite store. Assume it is owned by the manager, the one person in charge of the store (yes, there always is someone - and many stores which seem to be cookie-cutter corporate stores are actually owned by one person who is paying the corporation for use of the name and guidance in running the business). So that one person is who is hurt, and who has to spend time and money to deal with spray paint on the building, a broken window, a burglary, shoplifter, and a messy bathroom. All those things require cleanup, checking for other damage, and customers who see it are more likely to consider going to a more pleasant or convenient competitor. Would you like your favorite store to look less pleasant and have to raise its prices?

Re:frosty piss

[Pionar]

My supermarket closes for an hour at midnight every night for computer inventory. If I want to eat, this doesn't make me any less hungry. I wait until 1:15, then bike over.

You've got your analogies all messed up. Your supermarket is doing the equivalent of site maintenance. "Our site is temporarily down for maintenance" is a lot different than "This site is owned." and a bunch of vulgarities and shoutouts to the kid's peeps.

The supermarket equivalent of this is taggers breaking in and destroying all the food and replacing it with fecal matter.

Re:frosty piss

Come on buddy, make a decision. The bulleted list and introduction sound calm and businesslike, but towards the end you start barking skiddiot like grizzled angry granpa, or something. I mean, read what you wrote. If I dis-entagle your parenthetical rekmark, you wrote "Even if they provide you with details, you can't trust them because they're skiddiots. Usually they don't provide you with details, because they're skiddiots." ... I'm afraid I have to doubt your previous calm objectivity.

Re:frosty piss

[pmz]

What the hell is wrong with you? This kind of coverage only causes trouble.

What is wrong with you? This coverage has spoiled the event for all practical purposes. For example, I forwarded the SFGate article to our webmaster.

So, while you are so pessimistic, please realize that, now, millions of sysadmins can go ahead and double-check their patchlevels, etc.

I don't mean to sound mean, but full disclosure allows natural selection to run its course more efficiently among software companies and consumers alike. It also continually brings us closer to a day, when "software engineering" isn't an oxymoron and a joke.

If people really knew what was inside that Windows 9x or 200x shrinkwrap, they would probably explode with a sharp popping sound, after their brains suddenly realize they had been lied to for over a decade.

Re:frosty piss

> On the other hand you could argue that by posting this on Slashdot it will receive huge worldwide attention, and as the article suggested now would be a great time to patch your web server.

Nah, saw it on CNN yesterday which is available on Sky News all over Europe. No way does slashdot havea bigger audience than CNN.

Re:frosty piss

[budgenator]

No, like keep an eye out incase there's something we missed, or there's an attack using an exploit that hasn't got a fix yet.

Don't worry about it, anyone who's going to do this has already hacked your site, and probably installed vulnerable files, so they can go back and activate the defacement in less than 3 seconds and then move on. They can upload a file called index.bak to your doc root, then go back and use ftp to change the name to index.html and a whole php powered site is off the air and replaced by something of their chosing.

If you were real smart, you'd have logged every file you've put up there to include the file size, and the timestamp your server put on it, so you'd have a much better idea if the file up there was legit, or a file that some hacker loaded to save for contest time.

If you have any indication that your sites been cracked, you can trust no file there, upload each and everyone from your back-up.

My opinion is the majority of cracker's that'll do a contest thing aren't that interested in some elegent attack, but are much more likely to look for weak passwords, or well known vulnerabilities in your software.

Re:frosty piss

[WTFmonkey]

Ha, dig that: "It usually works every time." WTF?

Re:frosty piss

[BollocksToThis]

Yes, let's put this article on Slashdot, so a few million would be hackers can go ahead and deface a couple of hundred websites apiece.

That's just reactionary, or perhaps looking for an excuse to bash slashdot.

I heard about this web defacement day ON THE RADIO this morning before I even saw it on slashdot (which I was going to write up a separate 'end of the world' type post about).

And I don't even listen to the radio.

Re:frosty piss

Logon to Nortel's FTP site anonymously.
Use fake email address for the password... :-0
CD PUB and then MKDIR slashdot.
Open a web browser and enter the following site:
ftp://ftp.nortel.com/pub/slashdot

You are now a website-defacing computer hacker!

Re:frosty piss

holy shit! a low ID user with a funny reply! it must be a holiday weekend!

Re:frosty piss

[domc]

Not bigger overall, but a bigger concentration of geeks.

domc

Re:frosty piss

[HexRei]

Wrong. A far better analogy would be if you left your car door unlocked and someone broke in and wrote "LOCK IT NEXT TIME" in soap on the inside of your windshield. Yes, a bitch to clean up, but I bet you don't leave it unlocked next time, and your sorry ass should just be thanking your lucky stars your car didn't get JACKED.
Legislation does not exist to give you an opportunity to be an idiot, it exists to punish those who do harm. Website defacement is harm on the scale of tagging a building- next to nil in the grande scheme of crime.

Re:frosty piss

[HexRei]

If your server has holes open, then you are a SHITTY ADMINISTRATOR and you should NOT BE RUNNING A SERVER.
If your boss would accept that BULLSHIT excuse "oh, i'm still porting it over to the new hardware... boohooo" as a reason to have SECURITY LOOPHOLES sitting open in your system, then he shouldn't be managing the IT department.
The law does not exist to give you an excuse to be a lazy, shitty, incompetent security admin. it exists to exact a fitting punishment for the crime committed.
Next time you recommend "pound you in the ass prison" for website defacement, why don't you think about the fact that instead of simple website defacement, that might have been a malicious hacker interested in SSN's or credit card #'s. And that could mean your job or worse.
And oh yeah, go read some O'reilly books or something cause you're clearly an incompetent whiner.

Our tax dollars at work...

[crazyhorse44]

wonder how many millions Homeland Security is going to spend "preparing" America for this one.

Re:Our tax dollars at work...

[EdMack]

Em, if you RTFA, you would see

"Frankly, hacker challenges occur frequently, and we don't think they all rise to the level of a warning," Homeland Security spokesman David Wray said.

Yes this is /. but only flame the gov when you must.

Re:Our tax dollars at work...

[flowerp]

I think the US might just preemptively bomb all countries that might pose a threat.

May I suggest nukes for increased effectiveness. These work great against all sorts of integrated circuitry, as well as against the biomatter operating it.

Re:Our tax dollars at work...

read the article you DUMBFUCK and you will find out.
DUMBFUCK !

Re:Our tax dollars at work...

[JWSmythe]

Why do those sound like well prepared "last" words.. The next words out of his mouth will be "We were terribly unprepared for this act, and it shows us how simply unprepared the Internet infrastructure is for terrorists attacks"..

That would, of course, be followed by hackers (real and wanna-be's alike) being arrested and thrown in prison on non-specific charges. As long as you throw in a "cyber-terrorism" somewhere in the charges, you can jail them indefinately.

Good luck on the battle kids. Do something worth while, while you're in there. Copy the real WMD documents to the front of whitehouse.gov. Grab the Area51 documents and let the UFO knows know so they're nuts. (everyone knows aliens really drive Cadillac's)

And, if you do nothing else, show your phone phreakin' roots. Make the whitehouse red phone ring the Kremlin, just like in the old days. :)

Re:Our tax dollars at work...

[Malfourmed]

wonder how many millions Homeland Security is going to spend "preparing" America for this one.

Patch and cover! Patch and cover!!

Re:Our tax dollars at work...

Might I further suggest strategic use of 'shut the hell up'. These work great against people with nothing useful to say.

Re:Our tax dollars at work...

[Dr+Reducto]

You can't say they didn't warn You!!

I notice...

[dex22]

I notice the 6th is a Sunday. It would have to be, so all the children can do it without missing school.

Re:I notice...

[donutz]

Well, I think a large majority of the US schools aren't on a year-round system, so most kids would already be able to do it any day in July without missing school. Next theory, please.

Re:I notice...

[Andorion]

As carl67lp pointed out, businesses are less likely to have people who can deal with these attacks on the clock on Sunday than on other days.

~Berj

Re:I notice...

[ranolen]

Last time I checked, kids are out of school anyways....

Re:I notice...

I'd like to thank Slashdot for getting the news of my event out in the public. When I came up for the idea of the event I had no idea it would get this much attention. Thanks!!

Anonymous Coward.

Re:I notice...

[trueaveragejoe]

Yep but we have summer break! ;) or at least most of the schools in the United States are during the fall, winter, and spring. I should know! I got to a high school. Summer break gives me time to do things that I never could have.

Re:I notice...

[Alsee]

Next theory, please.

Ok. Ahhh, how about it's a satanic plot? Yeah, that's it. A satanic plot!

It's the SIXTH day of the SIXTH month of the sixth... ummmm... the sixth... ahhh.... Well there's a SIX thousand websitE limit! Yeah! That's it!

666! 5A7AN R00LZ!!1!

-

Re:I notice...

[endikos]

It's the 7th month. Satan is an Idiot.

Re:I notice...

[TomServo]

It's the sixth month if you call January the zeroeth month.

I'll give you credit for it if you're using something like localtime().

Re:I notice...

[roll_w.it]

So then Sunday is really the 5th then?

Re:I notice...

[mbstone]

I notice the 6th is a Sunday. It would have to be, so all the children can [deface web sites] without missing school.

You mean, missing summer school.

Re:I notice...

[swv3752]

I put it more that is the last day of a Long weekend with many people having the 4th off. So a lot of stuff is going to slid until monday morning.

Re:I notice...

[brownaroo]

"Well, I think a large majority of the US schools aren't on a year-round system, so most kids would already be able to do it any day in July without missing school. Next theory, please."

Yeah coz those other 5.75 billion people out side the US arn't important.

Re:I notice...

[wrathskalon]

Hehe, well ...

As a programmer, I've dealt with some screwed up calendaring API's that are 0-based for the month and 1-based for the day. So, one does not necessarily imply the other.

Re:I notice...

[sharkey]

less likely to have people who can deal with these attacks on the clock on Sunday than on other days.

Fuckin' A. I ain't going in on Sunday, that's one reason I have Caller ID.

Re:I notice...

[CmdrPinkTaco]

I just ran into that same problem with Java's Gregorian Calendar the other day and couldn't for the life of me figure out why the month was always (expectedMonth -1). Finally I looked at Jan and saw that it was month[0] and the light bulb became very bright.

I hate stupid mistakes like that in programming. They are always the most time consuming.

Re:I notice...

[TheMidget]

Well, I think a large majority of the US schools aren't on a year-round system, so most kids would already be able to do it any day in July without missing school. Next theory, please.

Indeed, it would have made much more sense to put this on a late Friday evening, or on a Saturday. Not for the availability of the "defacers". But for the unavailability of those who'd notice the defacements and remove it. Even better: do it at the first day of a long weekend (i.e. July 4th). That way, your work of art would stay there 4th, 5th and 6th before being taken down!

I wonder whether the penguins will be back to the poll example at asp.net this weekend!

Re:I notice...

[TheMidget]

I put it more that is the last day of a Long weekend with many people having the 4th off. So a lot of stuff is going to slid until monday morning.

Yeah, but wouldn't it make more sense than to have the "world hacking day" on the 4th rather than the 7th. That way, the stuff is going to stay up 3 days, rather than just 1. Of course, it also means you have less time to prepare, but for most hackers, that's not a problem (just explore the vulnerabilities the weekend before, and actually deploy your customization on the evening of the 3rd. Or you may be on school holidays anyways, having all time you need!).

Re:I notice...

[Alsee]

I hate stupid mistakes like that in programming. They are always the most time consuming.

Bah! It isn't a mistake as long as it works. No REAL PROGRAMMER would have wasted any time on it. A REAL PROGRAMMER would simply use Month+1 without caring why it works. ;)

-

Re:I notice...

[Isbiten]

1773 + 666 = 2003, it a satanic plot!!

Re:I notice...

"I notice the 6th is a Sunday. It would have to be, so all the children can do it without missing school."

Where do you think the internet access comes from?

Re:I notice...

[beebware]

Actually that's scarily near the truth: I've often written routines that do complex mathematic models with algebra that just on the edge my understand and once testing finishes I say to my self "Well, it works - but please please don't ask me how!".

Re:I notice...

[Uzziel]

Yeah, but in Revelations, John says that 666 is the number of a man, not a date. And it's the number of the Beast, not Satan. The Beast is a man, Satan is the divine Adversary.

In other news

[ramzak2k]

July 7th was announced as national handcluffing day when hordes of hackers would be paraded around the streets in major cities.

Re:In other news

[neurostar]

July 7th was announced as national handcluffing day when hordes of hackers would be paraded around the streets in major cities.

A correction has been issued from John Ashcroft: " July 7th was announced as national handcluffing day when hordes of terrorists would be paraded around the streets in major cities.

NOOOO!!!!

[TedTschopp]

Don't do this... Please... For the sake of all that is bad legislation...

Just think of all the very bad things that could happen if this is:

1. Sucessfull
2. Very unsucessful

If the former think of all the good laws that will be inacted. If the later, people will have a who cares attituce about network security.

Both are bad.

Stop posting articles like this... Don't feed the trolls.

best hack would be..

For M$'s website to have it's DNS pointing to SourceForge instead : )

-Cho

Re:best hack would be..

WOAH! It's fucking funny cuz you used a $ to indicate their greed and evil!!! WOAH! It must have taken some kinda genius to figure that shit out. Oh, and followed by a quick "Look at me! I'm like you guys, I like OSS, too! No, really, I do, in fact, I like it so much I'm gonna post some gay ass joke!!!"

Re:best hack would be..

[Genyin]

It's fucking funny cuz you used a $ to indicate their greed and evil!!! ... I like OSS, too!

Don't you mean O$$?

what are you talking about?

[polished+look+2]

Slashdot has little to do with the defacement. Slashdot is simply reporting this.

Re:what are you talking about?

[donutz]

Slashdot has little to do with the defacement. Slashdot is simply reporting this.

Nah, the San Francisco Chronicle is reporting it.

Slashdot is just giving a bunch of tech-minded people a forum in which to talk about it.

Re:what are you talking about?

[meme_police]

Precisely. Do all you dotters think that the Slashdot effect is bigger than all the major new organizations put together? Slashdot isn't the only site reporting this.

Re:what are you talking about?

[nomadic]

Slashdot has little to do with the defacement. Slashdot is simply reporting this.

Heh, that reminds me of 2600, which would publish things like "You can hack into this store's computer by sneaking into the back stockroom and entering this on the computer.", then insist that they weren't encouraging illegal activity, merely saying what COULD be done.

Re:what are you talking about?

[meme_police]

Is Slashdot telling us how to exploit IIS or Apache? No.

Re:what are you talking about?

[nomadic]

I didn't say they were. Just mentioning what it reminded me of. "That cloud reminds me of a horsie" doesn't mean I expect the cloud to actually eat hay...

Re:what are you talking about?

You could hack DishNetwork with an ISO-7816 programmer.

Did I just encourage illegal activity? Are you going to go out and buy the equipment now? Are you so brain-dead that you needed my help to reccomend you use a smartcard programmer on a smartcard?

If so, I doubt you have the skills to do the job anyways. Therefore I encouraged nothing...

Re:what are you talking about?

[Overly+Critical+Guy]

Are you for real? Which site do you think is the most-read news site by wannabe hackers and script kiddies?

Look at the graphic at the top of the page.

Re:what are you talking about?

[way2trivial]

Yes.. Previous articles aside,

the correct answer is

slashdot is god.

Re:what are you talking about?

[Saint+Aardvark]

Now that is a clever .sig.

I am now blessing your keyboard...

Re:what are you talking about?

Maybe somebody can post a beginners guide on how to hack IIS. The the everybody could join and get their 6000 site quota.

Re:what are you talking about?

[nucrash]

Once again, some one must point out that Slashdot is a forum linking to articles reported various information sources. Slashdot is not a News Organization.

publicity

[minionman]

Gee, the site promoting it didnt last long - wonder who had that shutdown? Hah... guess they dont realize that publicizing it will only make matters a lot worse and draw more people to it.

Wrecklessness

[LordoftheFrings]

This is just really awful. A huge call out for Script Kiddies of the world to unite. Terrible.

*shakes head*

*looks around*

*starts researching latest exploits*

*runs*

Re:Wrecklessness

[Sarin]

oops.. better prepare my webserver

Re:Wrecklessness

[JWSmythe]

We make fun of the script kiddies, but you're right, if there are perfectly good exploits out there and you aren't prepared, then you're just being stupid and egotistical. "They'll never get me." will suddenly become "damn, they got my site."

Re:Wrecklessness

[Lord_Dweomer]

" This is just really awful. A huge call out for Script Kiddies of the world to unite. Terrible."

God...I hope I don't start getting phone calls from my friends with their laptops in phone-booths yelling at me "HACK THE PLANET!!!". How the fuck do you hack a planet? Well.....if it was the DeathStar I could understand.....but still.

Re:Wrecklessness

[sharkey]

Actually, they seem to be advocating wreckingness, rather than wrecklessness.

WashingtonPost version

[$exyNerdie]

Government Warns of Mass Hacker Attacks

MOD PARENT UP

Yeah, as funny as I think it is when websites get defaced, and as much as I don't care, this guy is right. What the hell is wrong with you?

Re:MOD PARENT UP

quiet, now they think theres four of us. Or are there... DUM DUM DUM...

Actually I'm the guy that did the MOD PARENT UP post, but not the first. I also didn't do this post's parent.

Re:MOD PARENT UP

No you're not, I am!

Re:MOD PARENT UP

Who, you? Me? No way.

(btw, its me again, the 'mod parent up' guy)

Re:MOD PARENT UP

I'm the MOD PARENT UP guy, don't copy me, that's infringement, and I'll DMCA your ass into oblivion.

Re:MOD PARENT UP

Dude, it's me, not him, I promise.

Re:MOD PARENT UP

Shutup copycat!

Re:MOD PARENT UP

Me? I'm the one that started all this!

Re:MOD PARENT UP

No, that was me you bastard.

Re:MOD PARENT UP

Go fuck yourselves. Myselves. Ourselves.

The plot thickens.

Re:MOD PARENT UP

This is my first anonymous reply to this thread. That is to say, I'm not the "MOD PARENT UP" guy or anyone else who has written to this thread.

Well

I will bring out my honeypot then!

Re:Well

[RGRistroph]

A moderator needs to look up "honeypot" and realize why this is not off topic.

Re:Well

[WeblionX]

Haven't you heard? Honeypots might become illegal. I guess when they ask you where you got the information from, you'll have to go with the old "It came on a disk that fell off the back of a truck" bit.

This can't possibly be legal?

Isn't the challenger here opening himself up to a barrage of lawsuits? Not to mention the participants.

Re:This can't possibly be legal?

[NewWaveNet]

Of course they are. But it`s not like they posted this home address and cell phone number for lawyers to reach him. It`s hosted at HostWay, some lil 5$/yr shit hosting company, and the domain obviously has fake reg info:

Administrative Contact:
of, Day (35473296P) sotaa@wongfaye.com
11 Albert Rd
AMITYVILLE, NY 11701
US
(631) 842-5471

Writing viruses is also illegal...the key is not getting caught.

Crossing the line?

[carl67lp]

One is reminded of the perpetual debate in security: Whether to post an exploit to a group, in order for the vendor to have incentive to patch it, or wait and hope the vendor listens to you. There are excellent arguments on both sides.

This seems to be little different than that example. The challenge is unethical, as far as I am concerned. July 6 is a Sunday, for one thing--in general businesses do not hold normal shifts on a weekend, so this is going to surely cause more grief than an attack on, say, a Tuesday. Moreover, if successful, this could seriously halt a lot of legitimate business, personal, and other transactions across the Internet.

Is this a call to deface Web sites, or generally screw over sysadmins who oftentimes are paid beans to being with? Shameful.

Re:Crossing the line?

[commodoresloat]

One is reminded of the perpetual debate in security: Whether to post an exploit to a group, in order for the vendor to have incentive to patch it, or wait and hope the vendor listens to you. There are excellent arguments on both sides.

No there aren't. There is no reasonable argument for not bringing the exploit to the vendor's attention first. There is meaningful debate over the question of what to do if the vendor chooses to ignore you or bully you, but I really don't see a good argument for alerting the world before alerting the vendor.

Re:Crossing the line?

[heli0]

"Whether to post an exploit to a group, in order for the vendor to have incentive to patch it, or wait and hope the vendor listens to you."

The best method is to publish the exploit encrypted with a 8192-bit key, give the key to the vendor, and tell the vendor that you are making the key publically available in 30 days.

Note: this method works best if you are not in DMCA land.

Re:Crossing the line?

[King_TJ]

I don't think the original poster was trying to claim that the debate was over "releasing exploits to the public first", or "releasing exploits to the vendor first".

The exploits posted to groups, in an attempt to give a vendor incentive to fix them, are done only *after* the vendor was unresponsive (in 99% of the cases I've seen, anyway).

The "debate" seems to be on if it's right to do this, or if those discovering exploits should just sit on them indefinitely after telling the vendor about them. (EG. If the vendor doesn't think it's worth fixing, you should play along with them and pretend you never found the exploit. After all, the vendor is of the opinion that it's highly unlikely others besides you will find it, as long as you keep your mouth shut.)

Re:Crossing the line?

[alangmead]

What about the case when there are you notice that an exploit is actively being used?

Sure, tell the vendor first so they can start working on a patch; but tell other admins immediately afterwards, so they can start devising their own workarounds.

Re:Crossing the line?

[dollargonzo]

"hacking is always better on tuesdays" don't know why hacking got me thinking about sex, but that is probably slashdot's fault.

Re:Crossing the line?

[TheMidget]

No there aren't. There is no reasonable argument for not bringing the exploit to the vendor's attention first. There is meaningful debate over the question of what to do if the vendor chooses to ignore you or bully you, but I really don't see a good argument for alerting the world before alerting the vendor.

There is one special case where it might be useful to alert the public first. Or even: to alert the hacking underground first: if the vendor's name is a good description of the CEO's dick.

Re:Crossing the line?

[I.+M.+Bur]

SCO?

Re:Crossing the line?

[TheMidget]

I don't see how the name of SCO describes its CEO's dick. It might imply however that the CEA is a dick.

I was thinking more along the lines of very small and not really hard.

Re:Crossing the line?

[blibbleblobble]

"Is this a call to deface Web sites, or generally screw over sysadmins who oftentimes are paid beans to being with? Shameful."

It looks much more like an attempt to get as many websites patched and backed-up as possible, before any real cracks happen. What better way to get people's attention than to create fear of a large imminent crack?

A Haiku

[blackmonday]

Page deface!
Challenge - July 6
Please stay away

Re:A Haiku

[Tackhead]

> Page deface!
> Challenge - July 6
> Please stay away

Traditionally, the Haiku form must not only follows the 5-7-5 syllable progression, but it must also evoke a pastoral, reflective feeling in the reader upon contemplating the seas[|~||{{[{
WE 0WN ALL J00R B4S3
TEH INTERWEB IS ALL MINE
FUCK J00 1TS SUMMER!

Re:A Haiku

[JanneM]

And actually, the 5-7-5 pattern is not strict, and neither is having exactly three lines. H Haiku should always mention - implicitly - a season, and should have a change of perspective or other "turn", perhaps to the point of awaking surprise.

Re:A Haiku

[Tackhead]

> And actually, the 5-7-5 pattern is not strict, and neither is having exactly three lines. H Haiku should always mention - implicitly - a season, and should have a change of perspective or other "turn", perhaps to the point of awaking surprise.

0WN1N8D!
Buffer 'sploit known since last spring.
(I fixed it for you.)

Re:A Haiku

[Q-Kumbers]

Ah the simple beauty of the haiku...

buffer overflow
you let me conquer the world
from my mum's basement

B1FF longs for a world
where "pH3@R |\/|y l33t h4x0r 5k1llz"
picks up the hot chicks

while you watch your kids
play soccer in the hot sun
your web site is 0\/\/nz3rd

I'm quite chuffed with the last one. A seasonal reference, 5/7/5 structure, with a humourous twist at the end (and on topic too!).

Re:A Haiku

[Simon+Garlick]

Class :)

What sort of prize is 500mb??

[neslon]

From the AP article:

"The purported "prize" for participating hackers was 500-megabytes of online
storage space, which made little sense to computer experts. They said
hackers capable of breaking into thousands of computers could easily steal
that amount of storage on corporate networks."

Re:What sort of prize is 500mb??

[unsung]

The real prize is bragging rights.

Re:What sort of prize is 500mb??

[Andorion]

Uh... prize? In an ILLEGAL hacking event?

"To collect your prize, please call 1-800-FBI-NARC... a representative will be sent to your home shortly."

~Berj

Re:What sort of prize is 500mb??

The purported "prize" for participating hackers was 500-megabytes of online
storage space

I pay $2/month to my isp for this.

Re:What sort of prize is 500mb??

[HungWeiLo]

Well, it's kinda hard to access your CD-Rs and 120GB hard drive archives in prison.

Hence the online storage as a prize.

Re:What sort of prize is 500mb??

[Otter]

Possibility 1: It's a joke that's gone over the head of the "computer experts" as well as the moderators here.

Possibility 2: The script kiddies who pull defacements are not, in fact, capable of stealing a shell account.

Probably both.

Re:What sort of prize is 500mb??

It's not illegal if you own all the boxes that you 0wn. ;)

Of course, since I can't read the rules, I don't know if you're allowed to do that :P

Re:What sort of prize is 500mb??

[jakesher]

Obvious 500mb is code for something else...evidently used to, and successfully throw/threw off the authorities...bleh.

Let them start with the **AA sites

[Nom+du+Keyboard]

This is a totally dumb idea, and I hope the FBI tracing bots are ready to track them all down and arrest them soon afterwards.

Given that you're going to do it anyway, why not start with the RIAA, MPAA, and SCO sites. After that, any spammers anyone happens to know.

Re:Let them start with the **AA sites

[SKPhoton]

oh i'm pretty sure they'll get hit. i dont think many people will be terribly depressed when theyre taken down.. =P

Re:Let them start with the **AA sites

[MrLint]

Hehe I smell a poll question brewing in this post!

Who's website would you go to see if you knew it was defaced?
* RIAA/MPAA
* SCO
* AOL
* EMarketersAmerica.org
* That other jackass spammer with the sports car in michigan?
* Microsoft
* the cowboy neal foot fetish extravangaza

Re:Let them start with the **AA sites

" This is a totally dumb idea, and I hope the FBI tracing bots are ready to track them all down and arrest them soon afterwards."

The FBI will only locate script kiddiez who run massive port scans from their home machines. Most of these people will be using hacked machines (do a scan for machines infected with sub-seven in the 24.x.x.x subnet and you will find thousands) as proxies.

Re:Let them start with the **AA sites

All of the above?

Re:Let them start with the **AA sites

Too late!

Re:Let them start with the **AA sites

[ceejayoz]

Heh... defacing RIAA?

Not too dificult, considering that until recently their administration page was unpassworded! [cache]

Unfortunately, someone posted it to Slashdot, FARK, etc. instead of keeping it secret so devious tricks could be done.

D'oh.

Re:Let them start with the **AA sites

[Captain+Large+Face]

the cowboy neal foot fetish extravangaza

Do you have the address? I have a friend that would like to visit..

don't MOD PARENT UP!

[polished+look+2]

Its in the news, look here.

Won't make much of a difference?

[arth1]

I would think that the kiddies that deface web sites do it every Sunday anyhow, so I fail to see why this should have any impact.
It's not like people are going to say "gee, I never thought of that! Let's deface web sites on this particular sunday, although we never would do it otherwise!"

But I'm sure that some people find a way to make money (or pork) from this "announcement". *sigh*

Regards,
--
*Art

Re:Won't make much of a difference?

[Andorion]

"But I'm sure that some people find a way to make money (or pork) from this "announcement". *sigh*"

That gets me wondering.... do you think this whole thing was set up by some security firm(s) to boost business?

~Berj

Re:Won't make much of a difference?

[stile]

Or CERT to boost web server security?

Good idea?

[mAx3]

Why do this? What positives can come out of such an exercise? Granted, the many insecure websites out there will be forced to re-think their security, but it seems to me like a immature and childish way of going about things.

Re:Good idea?

[YOU+LIKEWISE+FAIL+IT]

What positives can come out of such an exercise?

I don't think your average web-site defacer has ever been too concerned about the positive repercussions of his or her actions before, and I find it highly unlikely that a competition with their peers is going to jump start their sense of ethical responsibility.

A lot of people in this thread will say that a benefit of roving defacement groups is that it helps to highlight poor security. Sure - In the same way that setting peoples houses alight helps to highlight the importance of changing your smoke detector batteries.

I call shennanigans. This might be a happy side-effect, but if your happy haquer was really concerned with improving security, how hard would it be to find the hole, and then mail the site admin from inside the network boundary, or leave a message somewhere apart from the frontpage and then tip off the administrator?

They could do this. But there's no bragging rights there - and that's what this is all about when you get right down to it:

• Bragging rights and a sense of importance within their peer group ( look at the 'shout outs' that accompany many defacements ).
• Mean spirited embarassment for the victim

and in some rare cases

• a possible political statement or message

To answer your question, and echo a sentiment that will probably be seen in numerous other posts in this thread nothing positive will come from this that could not have been achieved by less disruptive, upsetting or destructive means.

As to those who said "Great, MS will bear the brunt of it", grow up. Your mean spirited and childish attitude does you zero credit. Cracker attacks are a menace that have to be faced by all sectors of the computer community, and wishing them upon your rivals smacks of extreme poor taste ( not to mention the fact that most of the actual victims are likely to be non-technical clients of hosting companies who do not understand, wish to understand, or control their hosting solution ).

whu?

[deadsaijinx*]

The purported "prize" for participating hackers was 500-megabytes of online storage space

WOOHOO! After all that hacking into thousands of web-sites with who knows how many terabytes of storage, I can now get almost a FULL CD of free web-storage!!!! WOOHOO!!!

Wait, can I still use that in prison?

Well

At least I'll know when we'll be restoring from a back-up. I really hate being caught off guard...

It's not defacement...

[myov]

It's just a massive slashdotting!

(someone had to say it)

How much damage can they do?

[svvampy]

Given the current state of autogenerated/Over-templated/Flash-ridden crappiness?

An annoyance with no purpose.

[Yaztromo]

I've noted that the domain quoted in the article http://www.defacers-challenge.com doesn't appear to resolve to anything at the moment. Anyone have the IP address for the site?

Regardless, this is yet another challenge that won't produce much of anything useful. Too bad the people participating don't have anything more useful to put their idle time towards (what with so many Open Source projects needing help out there, you'd think these people could find lots of useful places to use their skills).

I'm off to backup the files for my website, just in case...

Yaz.

Re:An annoyance with no purpose.

[Tackhead]

> I've noted that the domain quoted in the article http://www.defacers-challenge.com doesn't appear to resolve to anything at the moment.

OK, which one of you guys 0wn3d it before we Slashdotted what was little remained into a steaming pile of goo in the corner of the server room? Fess up.

Re:An annoyance with no purpose.

I did. It was running Apache 1.3.26. See this advisory for details. Blame this provider for shoddy security. Oh well, chalk me up for two points for hitting a Linux box!

Re:An annoyance with no purpose.

[TCM]

$ whois defacers-challenge.com
[...]
Domain Name: DEFACERS-CHALLENGE.COM
[...]
Updated Date: 21-jun-2003
Creation Date: 21-jun-2003
Expiration Date: 21-jun-2004

$ dig defacers-challenge.com ns
; <<>> DiG 8.3 <<>> defacers-challenge.com ns
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; QUERY SECTION:
;; defacers-challenge.com, type = NS, class = IN

;; ANSWER SECTION:
defacers-challenge.com. 1d23h59m8s IN NS ns3.hostsave.com.
defacers-challenge.com. 1d23h59m8s IN NS ns1.hostsave.com.
defacers-challenge.com. 1d23h59m8s IN NS ns2.hostsave.com.

;; ADDITIONAL SECTION:
ns3.hostsave.com. 1d23h56m42s IN A 207.150.198.114
ns1.hostsave.com. 1d23h56m42s IN A 207.150.196.199
ns2.hostsave.com. 1d23h56m42s IN A 207.150.197.103
[...]

$ dig @207.150.196.199 defacers-challenge.com
; <<>> DiG 8.3 <<>> @207.150.196.199 defacers-challenge.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; defacers-challenge.com, type = A, class = IN
[...]

There you go. The official DNS servers don't know anything about that domain (yes, I checked the other two). Maybe there's another contest running: disconnect sites that run defacement contests. :)

Re:An annoyance with no purpose.

You are full of shit, how did you hack the box with that lame exploit? All you can do is send a SIGUSR1 to other processes with it.

Re:An annoyance with no purpose.

[Yaztromo]

Hey TCM:

I actually ran through dig myself with the same queries to try to find out what might be going on, along with the whois output for the domain. That's why I was hoping that someone might have the IP cached somewhere (I'm assuming that the site is still online, and only that the domain isn't resolvable. I could be completely wrong about this, of course -- which is why I want to test that hypothesis :) ).

Yaz.

Re:An annoyance with no purpose.

[necrognome]

The IP address was 207.150.192.12, according to Netcraft. You'll get a page that says "Unable to Fetch Domain" though.

Score -1: Troll

[mortonda]

Once again the desire to moderate a story flares up.

Please don't feed the trolls.

Re:Score -1: Troll

um... this is current news, and unlike many of the articles that /. posts, this IS "stuff that matters." A story like this is a pointed reminder for web admins to be prepared on sunday.

troubling

[Fux+the+Pengiun]

On the surface, this seems like a great idea. After all, we know Micro$oft servers are a lot easier to crack than Linux or BSD servers, so they'll probably take the brunt of this. But, after it's all said and done, isn't Bill Gates going to point at the Linux crowd, and sites like Slashdot, as having started this? "Hackers" have such a bad name already, do we really want to feed it?

It would be a lot easier for Bill to get media exposure, as he owns CNBC and everything, so I can just see them trying to interview Linux Tovalds and asking him "So how many websites did you and your Free Software friends deface today?" I thank that would be bad for our message.

Nice try, but it seems to me we should focus on more productive things to bring down Micro$oft, like trying to get Linux on the XBox!!!

Cheers,
FtP

Re:troubling

After all, we know Micro$oft servers are a lot easier to crack than Linux or BSD servers, so they'll probably take the brunt of this

No, for the millionth time, no. Either system has hundreds of vulnerabilities, with sysadmins too lazy to patch fully. A properly up to date MS, Linux, Unix, BSD, OSX server will be fairly free from vulnerabilites to the same extent.

If you think you're running any more secure than an MS system just because you use one of the alternatives, you're living in a "security by obscurity" dreamworld.

MS systems get attacked more as they have the critical mass worldwide to a) have more people know their faults well, and b) ensure spread of trojans.

Think

hmm...

one wonders if the riaa will be on their 'to-do list.' (er... one hopes)

Now I understand ...

[chloroquine]

Our IT department just sent out a notice to the institute about security over the holiday weekend. I'd love to see our website hacked. It is one of those no useful content sites with lots of tasteful colours and pictures.
But don't quote me on that.

"The holiday weekend affords us an opportunity to get away from our workplace, relax and enjoy the summer weather. However, not everyone will be outside in the sunshine. Hackers will be in front of their computer screens trying to get into all of those computers"

I think the thing that pisses me off the most is that they assume that everyone gets to take the holiday weekend. I'm a grad student, I'll be inside working. They're such insensitive jerks sometimes.

Re:Now I understand ...

Cheer up....

As an ex-grad student I am preparing to spend some of my lucrative salary this holiday weekend traveling with the extra vacation time I asked for when I was hired after gradschool.

It may suck now, but it is well worth the payoffs, especially if you like what you are doing.

Re:Now I understand ...

[freeweed]

on Wednesday July 02, @05:52PM, chloroquine said:

Our IT department just sent out a notice to the institute about security over the holiday weekend. I'd love to see our website hacked. It is one of those no useful content sites with lots of tasteful colours and pictures.

But don't quote me on that.

Aw, fuck...

In other news

[jeffkjo1]

Welcome to the 5 oclock news, today is July 7, 2003. This morning, an estimated 9,000 teenage boys were arrested as part of a massive sting to capture the perpetrators of yesterday's massive computer related attack. Investigators have confiscated a record number of computers related to this attack.

From the article...

[NewWaveNet]

``An early warning network for the technology industry, operating with Homeland Security, notified companies that it received "credible information" about the planned attacks and already has detected surveillance probes by hackers looking for weaknesses in corporate and government networks.``

Oh, I must have forgot that hacker kiddies only use XScan when preparing to participate in little overblown competitions! And hot damn am I glad that all these bad ass hackers will quit scaning once this competition is over, because I feel vulnerable now.

Wahahah...homeland security...it`s an oxymoron! ;)

Some other announcements

[tuxathon]

July 7th is National Rob-As-Many-Banks-As-You-Can Day. In Canada, the 14th is Kill-Puppies Day. And down in Argentina, the 30th is Moon-Your-Boss-Day.

Not to be outdone, Louisiana has added 37 more days of Mardi Gras, and Brazil has announced Carnival will be from July 03 - July 05.

If /. gets hacked, I'll wet myself laughing.

Re:Some other announcements

[Mir322]

Has it been done before ?

Re:Some other announcements

You don't read FARK, do you?

Killing kittens is MUCH more fun that killing puppies.

new plan

[b17bmbr]

1. announce web defacement day
2. ???
3. profit

Re:new plan

[Tablizer]

1. Announce web defacement day
2. ???
3. Pr......HACKED BY JAY SMITH, ENTRANT #57363

Re:new plan

[tekunokurato]

2. Apply for job as sysadmin at one of thousands of companies who sacked their old ones for bad security

Apply your patches!

[donutz]

New York officials urged companies to change default computer passwords, begin monitoring Web site activities more aggressively, remove unnecessary functions from server computers and apply the latest software repairs from vendors such as Microsoft Corp.

Well it took some doing, but I managed to get that latest Microsoft service pack installed on my web server. It said that it fixed a lot of issues, so I felt it was worth it, even though I run a Slackware 9.0 Linux server. Here's to hoping it reboots alright!

Re:Apply your patches!

[Sethus]

Are you kidding? It probably will load up a copy of windows 98 or something onto your computer demanding payment for the installation. ^_^;

Re:Apply your patches!

[Catskul]

MS-SP: Non-ntfs partition detected.
resistance is futile.
partition will be assimilated.

Converting EXT3 filesystem to NTFS5.....
.
.
.
.
Kernel Panic: Root File system has been murdered !

Re:Apply your patches!

slackware would probably be considered your vendor here, actually

240 Gb free online storage space?

[Eudial]

The purported "prize" for participating hackers was 500-megabytes of online storage space

Err, so if they want 500 Mb of free online storage space, why don't they just connect their computers to the internet, install a FTP server and use it as storage? That would grant them hellova lot more than 500 Mb.

WHOIS defacers-challenge.com ?

[RobertTaylor]

Registrant:
of, Day (TPEEWXQFBD)
11 Albert Rd
AMITYVILLE, NY 11701
US


Does that place exist? If so *deface that* ;)

I doubt it will be a real address though, however the idiocy of some people does often suprise me!

Re:WHOIS defacers-challenge.com ?

[prestidigital]

Don't need to. Just /. it.

By the way, I tried many derivations of the URL and could not pull up a site.

Re:WHOIS defacers-challenge.com ?

I live right next to Amitiville on Long Island, I'm not sure if that street exists but everything else seems correct. I guess you can find out on mapquest.com or someplace

Re:WHOIS defacers-challenge.com ?

[rocket97]

here is the complete listing including a contact email and phone number... not sure if Affinity hosting is behind this....

Registrant:
of, Day TPEEWXQFBD
11 Albert Rd
AMITYVILLE, NY 11701
US

Domain Name: DEFACERS-CHALLENGE.COM

Administrative Contact:
of, Day 35473296P sotaa@wongfaye.com
11 Albert Rd
AMITYVILLE, NY 11701
US
631 842-5471
Technical Contact:
Affinity Hosting, LLC TS1126-ORG contact@AHNET.NET
16611 S. Vermont Ave
Gardena, CA 90247
US
310-354-2626 fax: 310-354-1592

Record expires on 21-Jun-2004.
Record created on 21-Jun-2003.
Database last updated on 2-Jul-2003 19:09:42 EDT.

Domain servers in listed order:

NS3.HOSTSAVE.COM 207.150.198.114
NS2.HOSTSAVE.COM 207.150.197.103
NS1.HOSTSAVE.COM 207.150.196.199

Re:WHOIS defacers-challenge.com ?

Here's a map to help you out.

Though it is probably the little dorks ex girlfriends house.

Re:WHOIS defacers-challenge.com ?

[PingXao]

I'm very close to that location. I don't know who lives there, but it's a house on a canal that's probably worth between $300,000 and $450,000 with annual property taxes in the area of $8,000. It's in a very dsireable location. I seriously doubt anyone with this type of asset would put it at risk by engaging in stupidly illegal behavior.

Re:WHOIS defacers-challenge.com ?

[eniu!uine]

Does that place exist? If so *deface that* ;)

That's a nice extra benefit to the 'organizers' when the address of their greatest enemy is painted with 'we own you'.

Re:WHOIS defacers-challenge.com ?

Are you sure they don't have a bored geeky kid who gets thousands of dollars worth of bandwidth and computers to keep him off the busy parents' necks?

Re:WHOIS defacers-challenge.com ?

[rastos1]

Do you believe that drug dealers and weapon smugglers live under the bridge?

YOU FAIL YOUR HAIKU! I VOMIT ON HAIKU FAILURES!

Taste My Dinner, FAILURE! It's 5/7/5, moron!

another =)

[Andorion]

Website defacement -
Illegal and damaging.
Still beats going to church.

~Berj

=( Blah

[Emperor+Tiberius]

Flame on, but, I don't think /. should be reporting this kind of story. Aside from all of us story loving, comment posting maniacs, /. does get viewed by our script kiddie "friends." There have been challenges before (as mentioned), this isn't anything new, most of which [however] have not had enough media attention to bother with. Remember the "April Fools Defacement Day" one that a few newspapers picked up on, last April? This is exactly the same thing. The more fuel we give the kiddies, the bigger mess they're going to make...

Re:=( Blah

[Shackleford]

Flame on, but, I don't think /. should be reporting this kind of story. Aside from all of us story loving, comment posting maniacs, /. does get viewed by our script kiddie "friends." There have been challenges before (as mentioned), this isn't anything new, most of which [however] have not had enough media attention to bother with. Remember the "April Fools Defacement Day" one that a few newspapers picked up on, last April? This is exactly the same thing. The more fuel we give the kiddies, the bigger mess they're going to make...

I really don't consider this flame bait at all. In fact, I think that there are some good points here. It was actually just this afternoon that I submitted this smaller version of the story, which can be found here and here. The story was rejected, and I figured the reason it was rejected was because it wasn't really news. It was just something of an advisory. And nothing may materialize on the 6th, so there may be absolutely no point covering this.

And that's the reason I'm not so sure if this should be covered here. So I don't think this will cause those dastardly script kiddies to make a bigger mess. But I'm sure it'll make sysadmins take the usual precautions (ie. apply software patches, disable unnecessary services, etc.) So maybe something good can come from this.

Re:=( Blah

[pigscanfly.ca]

*shakes fist at* Dude are you actually suggesting self censorship on slashdot?
If a company is dum enough to run unpatched servers (goes to run apt-get update apt-get upgrade *sigh*) then there going to get screwed sooner than letter . From the protoganists point of view if they hacked by a bunch of 1337 hax0rs on the 6th then they will learn there lesson (unless there rather dense) before some one breaks in and tries to steel all of their customer information . Sight defacement is in a sense a blessing , your customer information is released (hopefully) and its pretty easy to convince management to spend a bit more on security (or switch to linux!!) . Remember the 1337 hax0rs will be going for speed on the 6th so they might not bother with the whole steeling customer nfo.

Re:=( Blah

[bbtom]

"The more fuel we give the kiddies, the bigger mess they're going to make..."

But if you tell the fire and police department (eg. sysadmins) the day before, they're unlikely to use them.

sad

[DNS-and-BIND]

It's a sad day when replacing index.html is regarded as "hacking". The entire idea that only web servers are worthy of hacking just shows journalistic ignorance worthy of the New York Times.

Re:sad

[Shackleford]

It's a sad day when replacing index.html is regarded as "hacking". The entire idea that only web servers are worthy of hacking just shows journalistic ignorance worthy of the New York Times.

Replacing the index.htm(l) file, or "web page defacement" as it is often called, has been considered "hacking" for quite a while. This is not anything new.

I'd say that journalistic ignorance goes beyond that. You may remember the ILOVEYOU e-mail virus. Well, I kept hearing members of the media refer to it as the "love bug." There is a significant difference between a bug and a virus, and I figured that they would understand that difference. It seemed like they were more interested in coming up with a clever phrase than in being factually accurate. And I thought that referring to Y2K as the "millenium bug" was bad. Y2K was NOT a bug.

Re:sad

[el-spectre]

Y2K was just bad design.

scratch that, it was lack of foresight. There _was_ a valid reason to use 2 digit dates, but the amount of data/# of programs grew so rapidly that it was a bitch to get fix.

Incidently, some code in the 50s and 60s used 1 digit years...

Also, I seem to recall that 'lovebug' was the internal name for that virus, no?

Re:sad

"Y2K" was not all 2 digit dates. It was basically a flag day for folks to brutally QA all of their date-related code. Tons of real bugs with date routines that didn't know the correct leap years, routines that failed when the clock rolled over, and so on were unearthed and fixed.

Mixed Feelings About This

[miketang16]

Eh... I think this deserves coverage on Slashdot because it's interesting to people, but I suppose it's also sort of increasing the number of participants in this. Oh well, if you're running IIS without patches you kind of deserve it. =P

Re:Mixed Feelings About This

Running IIS without patches is sort of like running around naked with scissors: it's exhilarating and a fun way to get in shape.

Re:Mixed Feelings About This

running IIS without patches is more like bending over nekkid spreading your cheeks at a prison camp for HIV infected rapists.....

Contests like these....

[222]

could make many companies green in the face, considering the new law that jumped into effect not just a day ago....

Re:Contests like these....

[Qwell]

Parent port seriously needs to get modded +1 Interesting. Think about it for a minute, this could definately prove the new law in CA. You know damn well that at LEAST one site in CA will be hacked. Maybe a bit offtopic, but the point is still very valid for this article.

funny thig about this

funnything is about the websites defacement is it conide on same week as terminator3 which skynet get activicated and WWIII starts! intresting thing :-) too bad i do not have own website :-p

Not Necessarily

[gotr00t]

Though I am a huge GNU/Linux OSS fan, and I use Linux for all my desktop and server tasks, there still is a common misconception about security.

Whether we like it or not, Microsoft _has_ done a better job with security now, and Windows has gotten a lot more secure nowadays. Though in my opinion, sysadmins could do a LOT more to protect their Linux systems than their Windows systems (much more stuff is configurable), it is still fact that good security dosn't mean using Open Source Software like Linux or BSD and stopping there, it requires competent sysadmins and being updated about security, as well as using patches and new versions of software.

Or, you could just use NetBSD :)

Re:Not Necessarily

Or, you could just use NetBSD :)

Wait, I thought OpenBSD was the secure one? Or was it the portable one? Maybe it was the efficient one. No, that's FreeBSD. Aw, hell, I guess I'll just have to go back to using Linux, which is all three :P

I wouldn't be surprised..

[T40+Dude]

if on July 6, /. would be defaced and its DNS pointing to the goatse site.

How much could it cost, really?

[User+956]

wonder how many millions Homeland Security is going to spend "preparing" America for this one.

Is it really going to cost that much? I mean, I already got my plastic sheeting and duct tape, so now I'm completely immune to all terrorist + hacker activity.

right?

RIGHT????

Re:How much could it cost, really?

[JWSmythe]

I thought that came from the hit man's play book.

1) Lay down plastic sheeting behind where target will be standing. Cover floors, walls, and any furnature that may be splattered.

2) Invite "target" in to talk. Get target to stand or sit on plastic (as convinent).

3) Shoot target. Wrap him up in plastic, Secure him with duct tape.

4) lose the body somewhere forgetable. Jersey is beautiful this time of year.

Oh wait, what am I saying? Ya, I bought all that plastic and duct tape to protect myself against the terrorists.. :) But, if ever asked to stand on the plastic when in a potentially dangerous position, find a fast way out.

"What's the plastic for Vinnie?"

"We don't want to make a mess now, do we?"

Re:Most... controvertial.. moderation... ever.

That goes to the great slashdot troll investigation post. It had something like 500 mods. Indymedia did an article on it, even.

Come and get me, punkass

[3ryon]

If you think you can take a break from kissing your mother! You can find me at: www.microsoft.com

Disclaimer: Message meant purely in jest, I know you were just seeing if the chocolate pie was really as good as she said it was.

Follow up - Map Link :)

[RobertTaylor]

this is a maps.yahoo.com output for that address

Be warned this could be a totally false address and *not* the bloke who regged the domain, however..... ;)

Re:Follow up - Map Link :)

[radishthegreat]

That's not the Amityville Horror house, is it? The one where the kid murdered his family?

Most... succesful.. troll... ever.

[stoolpigeon]

probably not- but a more accurate title.

.

Wouldn't work

This wouldn't work. While it would be a good way of catching people, it's illegal for police to use this approach. It's called entrapment.

Re:Wouldn't work

[Andorion]

I've heard of this approach being used for people with outstanding warrants... I'd assume once they become a suspect there'll be a warrant for their arrest.

AFAIK, entrapment is when police are involved in CAUSING someone to perpetrate a crime - for instance, if they were to hold an (illegal) hacking contest, then arrest the entrants.

~Berj

Re:Wouldn't work

[deadsaijinx*]

The cops used it in the Simpsons, promising everyone free boats ;]

Re:Wouldn't work

[eht]

While similiar, the Simpsons approach didn't require breaking the law to get the "prize".

Homer is the only person on that show dumber than Chief Wiggum.

Re:Wouldn't work

Of course, if the police are not involved, they can charge SFGate and demand the names of all contentants. This isn't entrapment since SFGate caused the attacks not the police who were only gathering evidence of the attacks.

Re:Wouldn't work

[natrius]

AFAIK, Entrapment was that movie with Catherine Zeta-Jones going through those laser beams...

Slashdotted...or....??!?

[Lodragandraoidh]

Hmmm - defacers-challenge.com is not in the dns anymore.

Could it be someone pulled the plug on our erstwhile dare-devil? Or, was he just slashdotted off the face of the planet?

Enquiring minds want to know...

Re:Slashdotted...or....??!?

RTFA

It says that they were taken down.

Is it just me...

[El]

or does anyone else think that the Feds are behind this challenge, as part of a massive sting operation?

I deface a website every day!

[teamhasnoi]

I post on Slashdot.

It's usually lost amid all the other random graffiti, though with 1300+ posts under my belt, I'm becoming renown for my +5 Funny posts.

Guess what, I'm smart and a smartass. Put that in your pipe and smokit, Taco! ;)

Yo, moderators!

[donutz]

Friedrichs, though, said Symantec's global monitoring network wasn't detecting unusual rectal probes.

Hey...whoever moderated this up as Informative...you apparently overlooked some inaccuracies in the posted article text...maybe you should check your butt too and make sure you didn't overlook any of those probes...

First nomination: http://www.swimages.co.nz/

http://www.swimages.co.nz/

Re:First nomination: http://www.swimages.co.nz/

hahaha. that's such a good one.

Hacked by Chinese....

Hahahaha.....

Web Defacement Only?

[Eberlin]

Ok, sure, I suppose between nmap, nessus, and a few zero-day exploitz this stuff could generate a bit of a tee-hee among the script kiddies.

Why not raise the stakes a bit...oh, say, by targeting/posting personal info from CA residents where companies would then be required to publicly disclose the breach. A system gets 0wn3d and a company gets a public caning.

Blah blah blah illegal blah against the law blah don't do any of this blah blah.

handCLUFF?

[RobertTaylor]

right both of you have said it, please, what the hell is a handcluff?!

Re:handCLUFF?

If they told you, they'd have to cub you to death.

Re:handCLUFF?

[Roofus]

Don't be a hater. It's obvious they're from Japan!

Re:handCLUFF?

[sharkey]

It's obvious they're from Japan!

Prease, don't be an ass. The Japanese plonounce "handcuffing" in the exact same way we Amellicans do, and can handcuff tellolists arr day rong, IMO.

Re:handCLUFF?

[neurostar]

eh... the horrors of "Ctrl+C and Ctrl+V"...

*shudders*

/. gas on the Fire

[KFury]

Gee, I'd never have known about this small-time hacker stunt if /. hadn't brought it to the attention of millions. Talk about using your powers for mayhem, /. ...

Re:/. gas on the Fire

[mu_wtfo]

It's been on CNN and CNBC since this morning.

Backup and patch!

[dacarr]

Steps to prevent trouble

1) Backup your web content (You do do that anyway, don't you?)

2) Apply patches as necessary

3) ....

4) Profit!!!!

Now I understand ... wait, no, I don't .

[chloroquine]

So, tell me about this lucrative salary thing that happens when I do my postdoc? Fortunately, I do love my research. I just miss the outside when it is light out.

Costs people money?

[Chagatai]

The argument has been made time after time that when web face defacements occur it costs people extravagant amounts of money. There are several things wrong with this mentality.

First, these activities do not cost people money, they cost corporations money. I know, I know, this is supposed to trickle down to the individual level to where it hurts consumers. I think that the statement should be that "hacked web sites costs people time". Face it, who wants to come in on a Sunday to fix a hacked web page? Most salaried people receive no overtime for this type of work, so it costs them time. If there is any expense here, it is corporations who foot the bill, which relates to the next point...

Fixing web pages does not cost tens of thousands of dollars. A simple restore of an html page should not be perceived as an activity that puts a company into the red on a balance sheet. I still do not understand how corporations say that a cracker cost them $250,000 when someone replaces their corporate logo with Domokun. Perhaps it is because in reality this money is being spent to patch the holes they should have taken care of months ago? The headlines shouldn't say, "Hacker costs company $50,000 for hacked website!" The headline should say, "Company fails to follow basic security guidelines in patching their servers, costing their mismanaged budget $50,000."

Would I be pissed if my company's website was hacked? Yes. Would I be pissed if I had to take care of massive security holes on my Sabbath day? Yes. But would I accept the idea that it monetarily hurt my employer? No. This way of thinking needs to go.

Re:Costs people money?

[mellon]

Um, hello? I run a server that serves several web sites. I'm not paid for this. If someone hacks my server, it's going to cost me a tremendous amount of effort to recover. It won't cost me any money, probably, but that's cold comfort. I doubt that I'm alone in being in this situation.

Re:Costs people money?

I'm pretty sure corporations are referring to lost revenue as a direct result of their web page being unavailable for a given X hour period.

Its like having the window of your front offices smashed so you can't open your building (it's cold outside). People walk another block to a warmer building and hire somebody else.

Cost to repair window: $100
Lost revenue for 8 hours: $1000

Re:Costs people money?

[nettdata]

Exactly... the parent post's author seems to be saying that only corporations have web sites.

If anything, it'll hit the "personal site" maintainer hardest, because they are the least likely to have backups, etc. If some prick hacks into a web site, deletes the original content, and puts up an "owned" site, that not only costs someone time, but also may cost them the content if they can't recover it. It's not like these script kiddies will differentiate between corporate and personal websites. Thinking that they would is just naieve.

I also take particular issue with the implied concept that "my time doesn't cost anything".

Re:Costs people money?

[Hamhock]

"First, these activities do not cost people money...hacked web sites costs people time"
I don't know about you, but I get paid money for my time. And if I have to fix my companies web site, then it's costing my employer (who happens to be a person, not a corporation) money.

Re:Costs people money?

[Karhgath]

Saying that it doesn't cost money to people because it's corporations that pays the bill is pretty stupid of your part.

First, fixing the page is probably the least important factor to consider.

Since it's kind of a 'contest', who defaces the most websites, how much can you bet that a large % of them will be medium to small sites? Most will also be e-commerce related sites, since their security is often compromised by badly written e-commerce software.

Now, take the normal MomAndPops.com, which sells apple pies. Client comes to the site expecting to buy apple pie and then find out that the site become a Hacker Advertisement site of some sort, or even worst, says that Apple Pie causes cancer. What will they say? "I'll come back later when the website is restored"? I don't think so. Most probably: "Shit, they stopped selling apple pie because it gives cancer!". It's sad, but a lot of people are gullible.

So, the real problem is loss of sales because of it, and/or traffic/readership, and/or reputation or anything the website is based on. The longer the site remains defaced, the more the website loses. This is the real killer, especially for small to medium websites/e-commerce, and most of these aren't run by evil megacorporations.

And your attitude of saying it's not that big of a deal because the corporation has enough money to fix it, or won't pay the guy in overtime, is not very wise. Sure, most of them exagerates the 'cost' of hackers and such, but it doesn't mean it isn't substancial, or that it just costs a simple fix of the website.

Re:Costs people money?

[egburr]

The problem is that if someone was able to get in and replace that one image, what else were they able to do that you haven't discovered yet? Correcting this is not done by restoring the original image. You have to figure out how the hacker got in, figure out how to fix the hole, find and restore from a whole-system backup that is known to be good, and *then* apply the fix. You're probably looking at a minimum of six hours of work by a good sysadmin. During this time, your site is either down or still runing on a backup system that may or may not have also been compromised.

As for monetary hurt, did this result in lost business? Are you paid hourly or are you salaried? Do you get overtime? In the overall scheme of things, the dollar amount may not seem like much, but it can add up quickly.

Re:Costs people money?

Can I have the address to your house, please? I'd like to break in and steal everything from you. Then when I get caught by the police, I'll give you a call and you can tell them it was your damned fault for not securing your house properly.

Your way of thinking needs to go. Just because someone *doesn't* do something that maybe they really should, doesn't necessarily mean that they *deserve* to be wronged.

Re:Costs people money?

[M.+Silver]

I run a server that serves several web sites. I'm not paid for this.

Me too and me neither, respectively.

Back in the old days of dialup BBSi and whatnot, free boards were pretty much immune from hacking attacks. (Heck, I remember having an old Info-Ex BBS crash and hand me a BASIC prompt over the modem: I patched the code, commented it nicely, and fired it up again so I could leave a note for the sysop.)

Be nice if the same ethic extended to this case, but I suppose that doesn't work once the community gets beyond a certain size.

Re:Costs people money?

[brooks_talley]

Wow. I'm trying to be as nice as possible here, but you don't have a lot of experience in the real world, do you?

Let's say that just 6,000 websites are defaced. How many of those, do you think, will be Fortune 1000 corporations? And how many of them will be small businesses that may or may not be incorporated? Is it somehow evil to run a business as a corporation rather than a sole proprietership or general partnership?

And you seem to want to have it both ways; on the one hand, large corporations somehow exaggerate what it costs to recover from a hack, and on the other hand anyone who *is* hacked is incompetent and deserves what they get.

In fact, in the unlikely event that IBM's site is defaced, it would certainly cost them hundreds of thousands of dollars.

There's a lot more to recovering from defacement than you seem to think. Hint: you are not done when you copying the original HTML page back in place.

For a large company, it means doing a massive project to determine what other systems could have been accessed using the defaced server as a middleman. And then examining those systems for signs of intrusion.

In the much more likely and frequent instances of a small business being defaced, it may or may not be financially ruinous, but it's certainly a lot more than the minor and greatly exaggerated inconvenience that you paint it as. These businesses don't have large IT staffs, and/or the technical know-how to slap themselves on the head and say "Damn! We should have installed that latest IIS hotfix."

It's an ugly situation, but it is absolutely an expensive one and has far wider repercussions than you seem to think.

Cheers
-b

Re:Costs people money?

>> First, these activities do not cost people money, they cost corporations money

Who do you think owns corporations? Martians? About 85% of the American public own shares either directly or indirectly in (publicly traded) corporations. Not surprisingly, non-public companies are owned by humans too. Even 401(c)3 (non-profit) corporations are "owned" by people. Once more for the people in the back:

Corporations are not evil pecuniary robots; they are just a partucular form of human organization and ownership.

Re:Costs people money?

it'll hit the "personal site" maintainer hardest, because they are the least likely to have backups, etc

I think you misspelled "stupid people" inthe quotes above.

Re:Costs people money?

ALl this is necessary because the company didn't secure their server(s) properly- in other words, they brought it upon themselves.

Re:Costs people money?

[overunderunderdone]

Most probably: "Shit, they stopped selling apple pie because it gives cancer!". It's sad, but a lot of people are gullible.

No, not gullible but scared to ever give that site their credit card again & angry if they already have. I have seen website defacements *kill* what had been very successful sites before and *people* lost money - the investors are out their investment, the management & employees are out of a job.

Re:Costs people money?

[overunderunderdone]

First, these activities do not cost people money, they cost corporations money.

What is it that you think corporations are? It is a group of PEOPLE(!) combined into one body (definition 3) that is granted a charter recognizing it as a separate legal entity having its own rights, privileges, and liabilities distinct from those of its members (definition 1 - both from The American Heritage Dictionary).

Despite the legal fiction that a corporation is a seperate entity in the end that is still a fiction . The corporation remains a group of people. Anything that costs the corporation money costs those people money. They may choose (or more likely in the large public corporation you are envisioning the managment they hire may choose) to pass that cost on to their customers, they may choose to maintain their profits by cutting costs elsewhere (i.e. their employees) or they may bear the cost themselves. In any of those scenarios though anything that costs a corporation money still costs people money.

For a large corporation those costs are spread out over hundreds of thousands or even millions of people a few thousands won't be missed. But similar losses which the shoplifter/slacking employee/hacker/frivilous litigant justifies as "not costing 'people'" any money adds up to be a lot of money that does cost real people real money. More likely on this "defacement day" many of the corporations won't be that large - my corporation for instance is made of two people, myself and my wife - I'm intensely aware that anything that costs my corporation money costs me money.

Re:Costs people money?

[loraksus]

If you run a website, you should be backing it up. I thought this had already been established. CDs are pretty cheap. . . Hell, a raid array from a couple of years ago won't set you back a ton of money either.

Re:Costs people money?

[Crashmarik]

You Know your'e right it doesn't cost People Money.

It costs me Time, money, aggravation and customer good will.

Would you accept the idea it monetarily hurt your employer ?
Don't worry about it with employees like you, it makes it that much easier for him to outsource to india or romania.

Re:Costs people money?

[daffmeister]

If anything, it'll hit the "personal site" maintainer hardest, because they are the least likely to have backups

How can they not have a backup? Where did the site come from before they uploading it to their web-host?

Even on my own machine I have development and live.

Re:Costs people money?

[SparkyLi]

i like pie

Re:Costs people money?

[nettdata]

I know lots of people that have their own web site, but it's running off of their own, broadband connected, at-home servers, where the server is their only machine... they're NOT running off of another web-host, they ARE the web-host.

For instance, by best friend has a new G4 tower at home, and that's what he does all of his email and browsing with, and all of his pics from his digital camera are on it, etc., and it also is his web site for his own domain.

Someone remotely trashing his stuff would have just the same effect as someone coming in and stealing the box... it would be gone.

Now, I've tried to convince him that he has to make backups, either burned to CD or somewhere else, but he hasn't done that.

That's what I meant by "personal site" maintainers...

Re:Costs people money?

[daffmeister]

That's exactly my setup. But I still have a dev. folder and a live folder. If I update my website I don't edit it directly. I edit the dev. version, make sure it's alright, then copy to live. If someone's editing their live site they're more likely to trash it themselves by accident than be hacked.

Someone defacing a web-site would just hit the live folder. Now, someone completely hacking the machine, that's a different story...

Re:Costs people money?

[leonardluen]

oh? so, you didn't happen to put bullet proof windows on your car so it is your fault that a simple baseball bat let me break the window and steal it...in other words you brought it on yourself

you are an IDIOT

Re:Costs people money?

[GutBomb]

they DO ahve access to the whole machine in order to deface a page. they don't just do it through a web browser. they gain root/administrator access to the machine and modify whatever files they see fit. they have access to the whole box, not just the "live" folder.

Re:Costs people money?

He probably doesn't get paid. He probably writes open sores software.

Re:Costs people money?

[An+Onerous+Coward]

There's a lot more to recovering from defacement than you seem to think. Hint: you are not done when you copying the original HTML page back in place.

Apparently, you've never seen my website.

Re:Costs people money?

[daffmeister]

Yes. But in the context of this discussion, where we are talking about people going out deliberately to deface web-sites (and just that I believe), having a staging site for a live site is effectively as good as having a backup. Just restore from your staging site.

Re:Costs people money?

[outsider007]

so put up a firewall and make a backup, doofus!

Re:Costs people money?

Wealth is created by people making things.

That's why your family did not have to live on the same beach where your greatgrandfather landed on this continent, along with all his descendants. Your ancestors built homes, farms, stores, and factories. People are willing to use their labor to get the results of the labor of other people.

Corporations are just groups of people, where one group with money has bought stock so as to give the corporation money to start up, and another group of people have agreed to create wealth within the corporation and to let the corporation keep some of the wealth in exchange for providing a workspace, tools, and sales and distribution of the results of the work. A company worker doesn't have to do the many types of tasks needed by a single business owner: handle expenses, income accounting, government paperwork, maintenance, create new products, build inventory, advertise...

The people who create the wealth inside corporations are like apartment renters. A home owner or a business owner has more freedom to improve and benefit from their changes to the home or business, and home/business expenses build equity(value). An apartment renter can't change an apartment, has more difficulty not bothering the neighbors, doesn't have land for a hobby/workspace, and loses all value of the rent money. A home/business owner has to pay for all expenses and maintenance, while an apartment renter pays the building owner to handle the expenses and maintenance. A home/business owner takes more risks and tends to keep more wealth, while an apartment renter is exchanging rent money for simplicity and short-term stability.

Re:Costs people money?

[onenil]

Not only does it cost money for the big corporation to fix the site... it also costs to investigate the attack. This cost would probably be absorbed by the company hosting the site (big corporations don't necessarily host their own sites). Lets not forget the tax payer dollars spent on the police investigation that may take place also (most companies will take an attack on their good name very very seriously, and report it as a criminal offence).

The hosting company I work for once had a high profile site defaced - the site content was fixed by the site's developers (employees of the site's company), time was also spent by the sys admin of the data centre sifting through web and firewall logs, and all collated information was forwarded on to the police, who then investigated and eventually charged the person who attacked the site.

I don't think they'll let it go on July 6th just because they read in some newspaper that its a day of hacking.

Re:Costs people money?

Doesn't your employer have to pay you more so as to keep you happy to work more time? That is costing your company money that it could have spent in building more of its product which people are willing to pay for.

If your company could guarantee that you would only have to work 8 AM to 1 PM, would you be willing to accept less money than if you have to work 10 hours a day and be available for 2 AM upgrades several times a year? (Yes, I chose 1 PM so there is enough time left in the day for you to do other things which you like -- perhaps even a second job doing something else which you like to do)

For that matter, if you're always having to remove defacements and reboot your server... your employer is paying you to only do that. Your employer will have to pay someone else to gather new patches, buy a second server, install and update everything in the second server, and then switch to the patched server so you can stop with your file-copying and reset-pushing.

Yes, paying someone whose only job is restoring damaged sites is an extreme example. But your employer does have to pay you to do that part of the time whenever it happens, and you could be doing other things which are more helpful to your employer - such as giving a new employee computer access so they can get something done. There are indeed large companies who use servers with less capacity than other servers could provide, who have enough traffic that they need more servers, whose servers crash often enough that they need more servers so there are always enough functional servers, who need more employees to maintain and restart those servers, who need more network staff to maintain the additional servers and employee computers, who need more administrative staff, who need more servers to service the additional staff, which requires more servers to ensure there are always enough functional servers...

The company therefore has to charge more for their cans of tomato soup and consumers have to pay more, so consumers want jobs which pay more, so employers have to spend more money on wages, so the companies have to charge more for their...

Re:Costs people money?

[budgenator]

if your site isn't to depemded on database integation and other dynamic stuff TheWayBackMachine can be a life saver; it'll miss some of the graphics sometimes.

Mischief Night

[Lodragandraoidh]

Regarding 'Mischief Night' -

In America, we call that 'Weekends' and 'Holidays'... :-}>

Re:Mischief Night

[buck_wild]

Hahaha! That was fucking funny!

But I was disapointed that you forgot 'Summer vacation'.

Re:Mischief Night

[KillerHamster]

In some parts of Cleveland, we call it "days ending in 'y'."

Re:Mischief Night

[minus9]

Mischief night is basically trick or treat without the treat option.

Re:Mischief Night

Dude, that's like very day except weekends...

Re:Mischief Night

[*weasel]

i must be old, but i remember when we out and out called it 'Devil's Night'.

of course, i live outside detroit - the city that was regularly nearly burned to the ground every day before halloween for years and years.

of course, now criminals dont want to be downtown at night, so it's been getting 'better'.

for pop culture reference: see 'The Crow'.

happy!

[loteck]

if i can replace your index.html..

i can probably replace or delete many other things. Yeah, still hacking.

The really obvious question . . .

[Mikey-San]

Okay, what prize do I win if I deface www.defacers-challenge.com?

All of their server space? :-)

Sounds like entrapment

[Triumph+The+Insult+C]

but it's not

the police do this daily. usually, they call up the criminal telling him/her they've won something, and they need to go to such and such a place to claim the prize. presto, back of the cruiser.

Re:Sounds like entrapment

[Triumph+The+Insult+C]

(argh ... replying to self)

the reason it's not entrapment is because the criminal is ready and willing to commit the crime.

Re:Sounds like entrapment

No, the reason those sitautions are not entrapment is that the people already have outstanding warrants or convictions against them. Tricking them into showing up to be arrested has zero to do with entrapment.

And no, they don't do that "daily".

Re:Sounds like entrapment

The word is "sting", and he's right, if you are standing next to a window with a brick, a policeman can very easily say, "Hey wouldn't it be cool if people broke this window", then arrest you for it.

What they CAN'T do is come up, give you the brick, drive you to a window, and pay you five bucks to break it, then arrest you.

It's only entrapment if it is a crime you wouldn't have thought of yourself. Daring script kiddies to hack boxes wouldn't be hard to sell to a judge as a sting operation, especially if they cleared it ahead of time.

Re:Sounds like entrapment

[Zork+the+Almighty]

Your first example is flawed. The "come claim a prize" trick is legal because the police are not playing a role in the actual offence (the people have outstanding warrents, etc, so the crime has already been committed). Whether or not your first example is entrapment is debatable.

Re:Sounds like entrapment

[TheMidget]

the reason it's not entrapment is because the criminal is ready and willing to commit the crime.

Nope, the reason is because police were not tricking them into committing a crime. Picking up a lottery prize is not a crime. The arrest happened on basis of crimes that the criminal already had committed before (and of which he has already been convicted). The ruse is only performed to attract the criminal to a location where he can easily be arrested, it's not done to gather additional evidence.

Bah...hackers schmackers!

[madmarcel]

Hmmm...july 3rd...counting down...

But...let's look on the positive side:
Let's say thousands of websites DO get de-faced (w00t - how very unlikely ;)

A) Thousands of extra hours of work created to clean up the mess. (or not - y'all make backups right ;) Those are surely bill-able hours right?
And it's on the weekend, wahey! Double rates!

B) All the administrators of web-servers that WERE defaced will HAVE to examine the security of their web-servers. Improvements will HAVE to be made. If 'thousands' of web-servers are forced to improve their security...is that a bad thing?

C) Perhaps a lot of administrators (and PHB's) will notice that the most commonly defaced web-servers were (or are likely to be) those that run M$ software of some sort. Would that make them more likely to switch to OTHER software?

D) Hundreds of lamo script-kiddies prosecuted, jailed and/or permanently disallowed from using the internet. Excellent. Perhaps /.'s troll ratio will drop, and IRC will become a pleasant experience....NOT! :^D

Re:Bah...hackers schmackers!

WHAT positive side?

Lots of IT employees who don't get OT or hourly 1099 have to come in on a holiday weekend. I personally know several who would like to throttle the son of a bitch.

Fortunately the FBI is on the case.

If you're going to do something that gets you busted, don't do it on a holiday weekend, you'll rot for several days before you see a judge and have the possibility of making bail. (Yaay!)

Re:Bah...hackers schmackers!

[quelrods]

some of us are contract so there is no such thing as overtime pay there are just billable hours.

Re:Bah...hackers schmackers!

[Phroggy]

Those are surely bill-able hours right?
And it's on the weekend, wahey! Double rates!

I think you're assuming quite a bit about the current economy and job market. You actually think companies are paying overtime for this sort of thing anymore?

All the administrators of web-servers that WERE defaced will HAVE to examine the security of their web-servers. Improvements will HAVE to be made.

I think you're assuming quite a bit about PHBs and beancounters. Why go to all that trouble, really? It's going to cost how much? Can you explain again why this is important? Can't you just restore the site from backup? We have a firewall, and it was bloody expensive; we shouldn't need to do all that other work you're talking about, especially if you want to get paid overtime for it.

Perhaps a lot of administrators (and PHB's) will notice that the most commonly defaced web-servers were (or are likely to be) those that run M$ software of some sort.

Or perhaps they'll be Linux boxes running Apache with buggy PHP scripts. Windows Server 2003 to the rescue!

Perhaps /.'s troll ratio will drop, and IRC will become a pleasant experience....NOT! :^D

Yeah, not. Slashdot trolls don't know how to hack web sites. They only wish they were that l33t.

Re:Bah...hackers schmackers!

C) You are full of shit. Try hosting on both sometime and see how it goes. More linux boxes get hacked by far of late, and most of them are hosting way more sites than IIS systems. Matter of fact, put both up one day, install some typical shit found on providers servers, and see which one dies first. I have Linux servers, FreeBSD servers, and IIS with .NET running..the only one that has been hacked is the POS linux box. What you said was true 2 years ago, but not anymore. IIS 6 kicks the hell out of apache, anyday.

Re:Bah...hackers schmackers!

[Cyn]

Spoken like a true anonymous coward. Any system can be hacked, it depends on the administrators attention to detail, familiarity with his environment, and paying attention to log files manually or through scripts.

If your POS Linux box got hacked, it wasn't any more Linux's fault than when you stub your toe running down stairs and the stairs are at fault.

If you Windows box stayed secure, it's because you gave it more attention than the Linux box. No fault of either - and now you're deluded to thinking that Windows is superior, when all along it's been you protecting the systems that survived - maybe you should wake up to that fact.

Good & Bad

On the upside: Finally, a story on slashdot that doesn't involve who's suing who, violating this contract/license, going to court for that.

On the downside: July 8th is more legal babble on slashdot day.

Duh!

I think you need to go back to Unix 101 to learn about shell commands. No profit for you.

Re:Duh!

He also needs to learn some HTML so his list doesn't all end up on one line, and so the list is automatically numbered.

Re:Most... controvertial.. moderation... ever.

AC Post = 0
total = 0
60% Insightful = +3
total = +3
20% Flamebait = -1
total = +2
20% troll = -1
total = +1

Boy, that was hard to figure out...

What's a handcluffing?

Headlights

[0000+0111]

Does this mean that I shouldn't flash people with my headlights if they have theirs off like that rumor about ten years ago? What is this? Now hackers are on the level of street gangsters? This is stupid, I can't believe it got news coverage.

500mb

[SKPhoton]

my guess is that the 500 megs is just to lure in more script kiddies.. nothing else

Slashdot's new title

[crux6rind]

SLASHDOT News for scriptkiddies. Stuff that 1337

Please report to jail and collect your prize

[GojiraDeMonstah]

It's like the Simpsons' episode where the police called all the scofflaws and told them they won a boat.

Screw over? This could actually help.

[IncohereD]

Is this a call to deface Web sites, or generally screw over sysadmins who oftentimes are paid beans to being with? Shameful.

Maybe if hundreds of corporate websites get defaced so easily, they'll actually wake up and START hiring more qualifed sys admins for a decent salary, and STOP over working those they have now.

Sometimes what a problem needs is a good exposing in order for someone to start fixing it. If everythings going along AOK where's the incentive for a business to change the status quo?

Re:Screw over? This could actually help.

Maybe if hundreds of corporate websites get defaced so easily, they'll actually wake up and START hiring more qualifed sys admins for a decent salary, and STOP over working those they have now.

Actally.. if a comporate site gets defaced, they'll probably underwork(read: pink slip) the ones they have now.

Re:Screw over? This could actually help.

[IncohereD]

Actally.. if a comporate site gets defaced, they'll probably underwork(read: pink slip) the ones they have now.

That's called unlawful dismissal if they were denied the resources to do their job properly, or well deserved if they were just incompetent.

Ain't a damn thing changed boy, protect ya neck.

Re:Screw over? This could actually help.

[Aceticon]

>Is this a call to deface Web sites, or generally screw over sysadmins who oftentimes are paid beans to being with? Shameful.

Maybe if hundreds of corporate websites get defaced so easily, they'll actually wake up and START hiring more qualifed sys admins for a decent salary, and STOP over working those they have now.

Sometimes what a problem needs is a good exposing in order for someone to start fixing it. If everythings going along AOK where's the incentive for a business to change the status quo?


You seem to expect that (up to then) clueless managers will suddenly "see the light" and discover there is actually a causal link between overworked sysadmins and increased security risks PLUS admiting it openly PLUS accepting the blame for overworking those same sysadmins ...
(Instead of ... say ... blame the sysadmins)

Just don't hold your breath ...

I can't wait...

[theendlessnow]

to see my website defaced on my BRAND NEW TOSHIBA with 17" SCREEN!! YEEEEHAAAA.....

Uh, where's the problem?

[EvilStein]

Looks like they lost their own contest already..

[4:30pm]jnichols@cheese% host www.defacers-challenge.com
Host not found.
[4:31pm]jnichols@cheese% host defacers-challenge.com
Host not found.
[4:31pm]jnichols@cheese%

Re:Uh, where's the problem?

Hey, maybe they got slashdotted!

Take that, evil script kiddies! If only you knew the power of the /. community!

GrammarFairy says : near-homophones are tricky

[GrammarFairy]

In your title, you make a pretty understandable spelling mistake with the word "wrecklessness"

The correction to your spelling is similar to the correction many people worldwide would like to make to the US government: Drop the 'W'

I can see where the idea of "wrecking" things would lead you to "wreckless" behavior, but this is incorrect. Dictionary.com lists the origin of 'reckless' (its correct spelling) as:

"Middle English reckeles, from Old English rcelas. See reg- in Indo-European Roots."

Perhaps this is a pun, GrammarFairy is often humor impaired, but I provide this information for the public benefit as well.

Grammar Fairy Dust for you: .,'"`'.,.",:,.'"".,.

-GrammarFairy

Poison

[IncohereD]

Y2K was not 'a' bug, maybe, but it was definitely a serious of 'bugs' (or 'features', if you really prefer).

And, if you want to get technical, ILOVEYOU wasn't really a virus, in that you had to spread it yourself. It was more of a social engineering incident than anything, or maybe a trojan.

Or actually, a poison. It was the equivalent of sending out a bunch of free cans of Coke to people that instead released a bunch of nerve gas and hurt the surronding individuals.

Oooohhh I'm so Scared

[dwillden]

This reminds me so much of the uncounted announced attacks on AOL. When I worked tech support there a few years back, every couple months we would hear about these mass attacks that were going to happen. They never did.

Oh I'm sure a few sites will be defaced by the kiddies, but it won't amount to any serious damage. And if they choose to target the /. enemies (RIAA, MPAA, etc ... more power to them.

stand up

[IdleLay]

well we all deplore security by obscurity... but at the same times constantly look over our shoulder to make sure that our services are secured. Time for the real security experts to stand up and little boys to shut up and get out of the way of real men/women.

come on, /.

[garymm]

why did you post this on /.? now tons of computer-literate people will see it, doubtless increasing the amount of pages to be taken down. Maybe not by much, but I'm sure it will happen. Like troop locations, it might be interesting news, but best kept under wraps (raps?)

Site Down. Mirrors?

[MyHair]

www.defacers-challenge.com doesn't resolve for me. Does someone have a mirror or the IP?

(Just curious. I'm not a hacker.)

Speaking of Piss

[KalvinB]

How to lock down a server:

Don't use remote administration. Your system is then only as secure as your password.

Use a router. Never put your system right on the wire no matter what OS you're using.

Block all ports that you don't need the whole world to see.

Don't run services that use OS accounts. The accounts used to log into the FTP, SMTP, and POP3 servers on my server have absolutly nothing to do with the accounts used to log into Windows.

It'll be interesting to see how many lame attempts are made to haxx0r my server considering it's running Windows 2000 and hasn't been patched since January (oooooops. Did I say that?).

Ben

Re:Speaking of Piss

[MattCohn.com]

Hell, I'm sure a few dosen slashdotters are workin on it right now.

Re:Speaking of Piss

[billatq]

Use a router. Never put your system right on the wire no matter what OS you're using.

You know.. routers use operating systems also, and the same people who wouldn't properly configure a system as a firewall are likely the same ones who would probably leave the default password on a good router and then misconfigure it. Using NAT / Firewalls help, but you still have to have some idea what you're doing. On that note, I like to use OpenBSD or linux for my firewalls, and haven't had a problem yet.

Funny if

[legomad]

A hacker puts Netscape or even Mozilla up for download on the M$ front page.

That's my birthday too!

[Soporific]

Coincidence? I think not!

~S

Re:That's my birthday too!

mine too

Re:That's my birthday too!

[Soporific]

All hail 7/6/74 and 7/6 poster that replied to my previous post!

~S

Poetic justice...

[JRHelgeson]

Isn't it ironic that the www.defacers-challenge.com website get taken down by the /. effect?

Too funny...

Re:Poetic justice...

[AceCaseOR]

RTA, the Law Enforcement shut it down, not /.

Re:Poetic justice...

[TCM]

The domain was registered on June, 21st. As of now, the official DNS servers don't know that domain and I think they never have in the past one and a half weeks. Maybe it's about to come up (a bit close then). It's certainly not /.ed, slashdotting doesn't remove domains from name servers (yet :)).

Just wondering...

[MoreDruid]

Might it be a big coverup from some real blackhats to disguise their own traffic whilst hacking some evil (tm) company/government/whathaveyou?
The release of a new worm also comes to mind...

OS/Distro means a lot

[phorm]

About 2 weeks ago I was running RedHat. I would have been running around frantically trying to track down any patches I might have missed, version-checking my RPM's...etc etc.

Once I read this I was like "crap crap crap, a whole lotta patching to do"
Then I SSH'ed to my server...
And remembered I was running debian...
apt-get update && apt-get upgrade...

I suddenly feel a lot better about the few hours it took me to make the switchover.

If I were running an MS server I would probably have had a near heart-attack by now. I've never needed the
"newest-most-spectacular-greatest-ever-superd uper-new-version" of any of my daemons, so there's no problem at all with Deb, despite the arguements of many.

Re:OS/Distro means a lot

[krray]

> About 2 weeks ago I was running RedHat. I would have
> been running around frantically trying to track down any
> patches I might have missed, version-checking my
> RPM's...etc etc.

True, true, but to be fair -- for the small to medium sized business types (what I over see :) the use of Redhat's Network does offer a very decent and cost effective way to manage huge chunks of Linux box easily. $60/yr for personal type (basically ungroupable boxes) or $90/yr for the "Enterprise" (groupable) servers.

Of course RH is trying to push business' into their Enterprise Edition release (vs v9), but that is another issue and one that does make debian or even going bsd look favorable.

Just login to the web interface, click errata, for the groupable ones ... apply. Otherwise you can go box by box and update as well. This is pushing it.

Of course you can pull it too (immediately) and login with a shell and as root simply:
# up2date -fu
(I personally think of Microsoft everytime I type those flags :)

There's also a X-Windows update agent as well that's pretty slick, but basically just is running the command line tools.

Really not much different than Apple's graphical update which can also be hit easily via the command line via softwareupdate. There you pay ~$129 every couple of years for the OS update and have to purchase their hardware. Personally, I bought it. I like it too. :)

Now -- compare all these vendors and add into the mix of having to take care of Windows boxes too. Sorry, but I still cringe with every patch that comes from Redmond. Thankfully our total business exposure to Windows is becoming more and more limited. :)

Re:OS/Distro means a lot

[bobintetley]

I have a Mandrake 9.0 webserver, and as soon as I read this, I sshd into the box and just did:

urpmi --update apache

Oh, and Mandrake do not charge you for getting updates from them. They maintain a list of known FTP mirrors (which they don't run directly) for security patches/updates etc and you can just pick one from the MDK Control Center program.

I'd imagine there are plenty of other distros and platforms where it's this easy to patch your webserver (Gentoo and *BSD spring to mind).

(I also patched any programs I have sat on open ports just to make sure, including SSH, Postfix and imapd)

Re:OS/Distro means a lot

[phorm]

It seems a lot of distros do this. I did know that RedHat has up2date, just never found as much use in it.

The nice thing about deb being though, that you don't have to apt-get update apache... it's just
apt-get update (get list of packages, new security updates) apt-get upgrade (apply new security upgrades)

It's actually like *shudder* windows update except a heck of a lot more reliable and none of that sneaky stuff that Redmond pulls.

Well, I'm a gubmint sysadmin...

...and my agency is spending exactly zero dollars on the software (Apache 2.0.46 update from very slightly previous version of Apache2 running on FreeBSD 4.7 on a 7 year old Proliant 5000 PentiumPro 200MHz hand-me-down server) and spending almost zero dollars on labor, since I'm a salaried employee who gets no overtime, only comp time off, and it's taking me about an hour and a half (after normal working hours) to download the new version, back up all my website data & configs just in case, and compile/install/test the new version of Apache.

Now lets just hope the Apache team have made 2.0.46 as hackerproof as possible :-)

I fell pretty confident about my webserver now. How do you feel about yours?

Re:Well, I'm a gubmint sysadmin...

...and before anybody out there starts blathering about why I'm not running a more current version of FreeBSD with it's associated security fixes , well I've already patched the vulnerable stuff(ssh, bind) that matters, and besides, this thing sits behind a PIX and only port 80 traffic and DNS from the wide-open public Internet can reach it anyway.

Re:Well, I'm a gubmint sysadmin...

[JWSmythe]

And then you find out someone in the call-center saw you type in your password yesterday, and SSH's in from your desk with your password, after hours and appends "R00T3d bY 3733t CrU!" to every HTML page on the site.

If your a hosting company, that'll be a quick job to get the 6,000 sites done. Since it was your password, coming from your desk, it'll be you that hears some unsettling words from the boss in the morning, and that PIX firewall didn't help at all.

Who would have thought that cute quiet girl in the call center was really a little hardcore hacker chick? Probably the pigtails and "hello kitty" dolls on her desk threw you. You didn't notice she was watching the keyboard while you were typing on her console. Shouldn't have been trying to look down her shirt, huh?

That's ok, you'll blame the hacker wanna-be pimply faced, shit talking kid, who's always on 'bout how he breaks into this, that and whatever, but actually couldn't do it to save his life (i.e.: script-kiddie).

The moral, it never comes from where you expect it. That's too easy.

Why Defacer's-Challenge.com is down

[AceCaseOR]

As the article said, the site was pulled at the behest of law enforcement. That's why the site won't load. It hasn't been /.ed.

on july 6th

[bongobongo]

this article will probably read "July 6th - NE0258 RUL3Z"

more govt fud to scare the public

[deleted_soul]

1. Most everyday people have no idea how much 500mb of storage is. Saying something like that is an insult to the real hackers online.

2. The more stories the govt security groups cook up about the Phantom Menace the more they
can represent themselves in a useful light.

3. There are rumors going around that FBI undercovers could be training underaged script kiddies to cause havoc, since they are easier to corrupt. (unfounded rumor/speculation dept)

4. The govt will use any means necessary to spread FUD about the internet so they can gain more control over it policing. The black boxes that were installed the day after 9/11 are a testament to that. Its taken them how long to catch up to just a fraction of what most people do online? Think about it.

5. If somebody wants to a group to deface 6000 web sites, they aren't going to put a target on their own heads by advertising it. The isp might not disclose who it is but they don't need their disclosure to get the info because of the Homeland Security Act. so why bother advertising that.

Cold-War tactics still apply people. Look how easy it is to spread FUD these days. Internet Security has only come into focus since the dot-com boom & decline. I could say more but this post would last forever. People easily forget the past. And sensationalizing articles like this is just adding more fuel to the fire.

Slashdot has become a media-hog now, get with the program people. Mod me down suckaz.. You know u want to.

Re:more govt fud to scare the public

[scoobywan]

Right now there is so much govt fud that they not
need use this as a tactic. On the other hand, lets
all just say F&CK it and start on july 3rd, that
way the won't have a clue, or better yet, lets start
on july 12, just because it's even more of an
oversight. You know, I don't know if I disagree
with this post or agree, it seems to me like if
it's not govt fud it's corp fud, this sh*t is just
getting stupid. Maybe it's time for another civil
war, you might say I'm f*cked up, but realy what
do we have to lose anymore?????????

For those of you that say "Man that guy is nuts"
maybe you're right, to those of you who say "Hey,
maybe he has a point" good for you you're seeing
past the media shit and to the real picture.

later, (this kinda stuff bugs me)
scoobs

Re:Most... controvertial.. moderation... ever.

[TeraCo]

Don't forget, anyone who moderated the post positively was immeditately and irrevokably flagged unable to moderate.

That was about the time I gave up on slashdot as a serious news source!

Oh, he's a security "manager"

[fodi]

Gotta love this quote from Oliver Friedrichs, at Symantec:

Home Internet users, who typically do not operate Web sites, probably would not be affected directly, said Oliver Friedrichs, the senior manager for security response at Symantec Corp.

Yes, here is a mirror

[fv]

> www.defacers-challenge.com doesn't resolve for me. Does someone have a mirror or the IP?

They were shut down by their ISP (Affinity), but I still have the English version in my cache from an earlier viewing:

http://www.insecure.org/tmp/defacers-challenge/

Note that Insecure.Org DOES NOT in any way condone or promote this so-called challenge. I'm just providing the link so people can see what the fuss was about. I'm planning to add a note to that effect to the top of the page in a few minutes. What I found most humorous is that they ask people to register in advance by sending in their contact info. That is a really great idea :).

-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner

Re:Yes, here is a mirror

[cpeterso]

The defacers seem to need some grammar lessons. :-)

I thought their OS point system was the most interesting. Are HP-UX and Mac worth more points because they are less common or more secure?


The systems OS windows will have pontuation = 1 ,

The systems linux, unix, and * bsd will have pontuation = 2 ,

Systems AIX will have pontuation = 3 ,

The systems Hp-ux and Macintosh will have maximum pontuation of 5 points.

x

[alienw]

x

Quick, patch the Gibson!

And be sure to change your passwords. Love, sex, secret, and god aren't very secure.

An occasional incident can actually help...

[kstumpf]

Sometimes people have to be burned before they will respect fire extinguishers.

Our main webserver got hacked just last weekend. It was a RedHat 7.2 that was up for about 450 days straight and was kept pretty well patched. Unfortunately, some custom Apache stuff kept us held back on patching httpd. I guess it really does only takes one weak link in the chain. Once they got in, they put in a rootkit called ZK and started setting up a hidden webserver where they were trying to sell web space on MY box. ;)

Lucky for me, I had a couple of cron jobs in place that used a hidden copy of tripwire and chkrootkit to check for intrusion and shutdown the network interfaces after they mucked around with sshd and the known hosts file. A cheap trick, but it worked.

I'm actually glad it happened. My boss and all of upper management are finally taking security seriously, and I'm milking it for all its worth. Its basically a blank check to lock down the fort. We've eliminated 75% of static NATs, shoved things off the LAN and onto the DMZ, closed dozens of ports, sprung for RHN subscriptions, eliminated several old NT4 servers, and generally did away with all the "convenient hacks" our engineers insisted on.

Re:An occasional incident can actually help...

[MickLinux]

Okay, please explain a bunch of stuff to me.

(1) What is wrong with NATs? For example, our ISP uses NAT to deliver service to our computers. Ideally, I'd also like them to IPTable ports 80,8000 on one website prefix (say, usr. instead of www.) to my computer. How does this compromise the system?

(2) Which packages do you use to check for open ports? Which packages do you use to *eliminate* root kits? [Or do you just have to floppy-boot, know where to search, and delete/restore a file?]

(3) What's a DMZ? It sounds like Demilitarized Zone.

(4) Assuming I'm going to get on the web sometime soon, where should I begin with network security for my Debian box? I'm not one of those geniuses who can instantly absorb all concepts, all speciallized information, and install all network security updates. Indeed, I don't know a lot about networking, much less network security -- but I'd like to get started.

Re:An occasional incident can actually help...

[ultraw]

Well, the answer to question 4 is pretty simple. If you have no custom packages, doing apt-get update && apt-get upgrade should keep you pretty safe.

If however you have custom packages, follow the mailing lists discussing those programs, and try to keep your package up-to-date.

Debian is very fast to backport security fixes. Redhat also has such a service, but you have to pay for it, and they only support their latest releases, which means you have to upgrade all your machines once per 8-12 months.

Loose answers to question

1) As far as I know, nothing is wrong with NAT. It is commonly used to bundle a lot of workstations,... behind a single IP. I don't get why you would remove NAT machines. The servers should be outside the NAT-ted zone.

2) There are several packages that can do this. Examples are chrootkit to check for rootkits, tripwire to check changes in files, netstat to list the open ports on a server, ... there are also a bunch of tools to check a machine from another machine. Keep in mind that all these programs might be altered by the rootkit. always install them from scratch when you think your system has been hacked... Keeping a list of checksums for the programs in /bin, /sbin and /usr/sbin might be handy... (or install Tripwire, with the checksums on a read-only system)

3) I guess DMZ means de-militarized zone, the zone between the internet and the corporate nat-box..., where the servers are supposed to be that deliver internet services... servers might be placed behind or before the firewall (allthough the first solution is better :))

Re:An occasional incident can actually help...

[MickLinux]

Okay, you said that the servers should be outside the NATted zone. I've been asking my ISP (which NATs us) to give me an ipchain rule that will allow my computer to function as a server. That way, I can run and test out my koha (www.koha.org) library card catalog system, and make sure everything runs properly. Can you tell me *why* the servers should be outside the NATted zone? And if so, what would we need to do so that my server would properly be outside it?

Re:An occasional incident can actually help...

[ultraw]

well, i would not say that your server *should* be outside the natted zone at all costs, but there are three things that spring to mind with such a situation:

- For every port/service you want forwarded, you need to install a ipchain/iptables/whatever rule (or multiple). When you add a service, you have to change the configuration of the server (normal), but also of the NAT-ting server. A mistake might lead to the disruption of the NAT service for other users.

- For heavily loaded servers, the nat-system will have to nat all the traffic, generating extra load on the nat-system. Depending on the nat-machine (dedicated $$$ hardware or linux 486 with 8M ram), this can affect performance for other systems. Note however that this is only for heavily loaded (with network traffic that is) servers, not for a test-server like yours is.

- If there are two servers behind the natting machine,both running a webserver, one can be forwarded from the 80-port of the NAT-machine, but the second can't (as this port is allready in use).

My suggestion: if you use this only as a testserver, leave it this way. If it is a production server with some load on it, inform at your ISP or hosting companys for hosting.

Re:An occasional incident can actually help...

The problem with NAT'ing to a machine on the internal network, is that when that machine is compromised, the entire network is accessible. That's why DMZ is used in the first place, to have a network that is shielded against the net, but also against the internal network, so that breaching a webserver will still land you on the "boring" side of the firewall, without access to the payrolll system or credit card database.

Re:An occasional incident can actually help...

[kstumpf]

1) Nothing is wrong with NATs by themselves. Our corporate network had alot of NATs from outside into our private LAN with open ports. THAT's bad.

In a corporate network, you should always avoid opening ports into your LAN if possible. Now, if your private network contains nothing but a cluster of public web, email, and DNS servers, then there's not much you can do to avoid opening ports into your network. In our case, we have alot of employee data, databases, source code, and IP behind our firewall, so NAT'ing into it is very dangerous.

2) Once a system is compromised, I don't trust it. Its often more work to clean up after a rootkit than to just start over. Save what data you can or revert to backup and start from scratch.

3) A DMZ is usually a lower-security private network behind the firewall. Most people use at least one DMZ network to host non-critical or public-facing systems on so that if they are compromised, will not affect the integrity of any higher security private LANs.

4) Stay patched. It may be easiest to stay with standardized packages (like rpm or deb) until you get more experience. Its most important to patch systems running on public ports, like Apache (and any modules you may use), sendmail, named, ftp, etc., since this is where people are most likely to get onto your system.

Also, signup for a list like the Bugtraq mailing list and visit sites like securityfocus.com.

Ethics of drawing attention?

[pabl0]

Hi all,

After seeing this submission published, I noticed several folks who mentioned the very good point that by posting this, I may very well be drawing the attention to the contest that would make it a "success". I essentially responded to this via a newly posted article on my site, but thought it was worth posting here as well, so that hopefully my reasoning will make more sense. (Article Follows.)

Thanks,
Paul Robinson
gotclue.net

As Slashdot was kind enough to post, the San Francisco Chronicle has an article about a hacker or group of hackers that are calling for massive website defacements as part of a warped (and highly illegal) contest, to occur entirely on July 6th. I considered not submitting the story to avoid drawing attention to it. After all, this could end up being the next "Y2K" where everyone sits around waiting for the doomsday that doesn't occur. To those who don't think I should've posted the story, I apologize -- but suggest you read the rest of this article to understand my reasoning.

It's entirely possible that very few, if any, websites will be defacde that day. It's even possible that more may happen now that warnings are on high-traffic sites such as Slashdot; call it a self-fulfilling prophecy.

Slashdot's reader pool contains a great many folks who own web servers or are site administrators, such as myself. Certainly there are a few black hats in the crowd, but for the most part, the audience is people in the trenches of the technology industry. I can't think of a better place to reach the people who's pagers would actually be ringing or vibrating on Sunday if/when defacements occur.

Also, the story had already been picked up by mass media, such as the S.F. Chronicle. Since it was already being published to the general population, I feel that more good than harm would come from highlighting the issue in the technical community.

My apologies to the others who rely on web/e-mail services from gotclue.net, as I've probably made this server a more likely target by drawing attention to the issue. I'll be reviewing patches and packages over the next few days and making some fresh backups, just in case. If I can have my cell phone ring on Sunday but, by doing so, keep a thousand other cell-phones from ringing for the same reason, so be it.

+5 Pathetic

[flowerp]

1) Register domain with a discount webhoster

2) Upload a stupid hacking-contest website written in bad english

3) Make frontpage news, trigger homeland security defense program

4) ...

5) Profit?!?!

Why am I reading this in the News?

What I don't understand is why I'm reading "advisories" from the FBI, ISS, et al on MSNBC, Cnet News, SF Gate?? Why arn't they talking to the System Administrators via a known mailing list (or their own mailing-list)??

This seems to be either 1) sent out early by mistake, or 2) ISS and the FBI seeking publicity again. Can't see any other reason.

In other news...

[odessa]

The San Francisco Chronicle are inviting burglers and property defacers to alter as many homes and businesses as possible on july 7th, with an apparent limit of 6,000 properties per contestant. Looks like this would be a good time to make sure that your private arsenal is fully functional, loaded and well stocked with ammo and your Doberman Pinscher has an elastic band around its private parts in preparation for the fucked-up "friendly" fire-fest! See you in the shit!

To the FBI, CIA, NSA

[SixDimensionalArray]

Can we say, honeypots? Let's go catch us some h4x0rz!

You must be new here...

[psoriac]

Your points are all somewhat idealistic... it's obvious you haven't yet fallen under the cynical yoke of the real world yet. Let's disabuse them one by one shall we?

A) July 6th is a Sunday... which leaves all of Monday through Friday as "Official Cleanup Week". Last time I checked, M-F didn't fall under "weekend".

B) This is the real world we're talking about.

C) See (B).

D) See (C).

look here...

[/dev/trash]

Buffy Search

Good thing?

[dpete4552]

Maybe this will scare people into securing their web servers (e.g. possibly less Nimba traffic and whatnot).

bring 'em on!

[peripatetic_bum]

I got debian stable on mine. Come on Big BOYZ!

Re:bring 'em on!

who'd want to hack your slow site? took too long to process my request.

nt

nt

Is that like planning a National Insurrection Day?

[Progman3K]

I can't say that I like the idea...
How long will it be until such days of lawlessness bring us to "Hunt Down Minority X day"?

Re:Now I understand ... wait, no, I don't .

[Jardine]

Sunlight is overrated.

I've been to Amityville...

[joel8x]

...and trust me, they are suffering enough - defacing it might actually be an improvemnt (didn't you ever see the Amityville horror??)

aha!

[cscx]

After all, we know Micro$oft servers are a lot easier to crack than Linux or BSD servers, so they'll probably take the brunt of this.

It's asinine thinking like this that causes people to get hacked!

According to this article, 76% of boxes hacked in May were Linux boxes! Only 15% were Windows machines. It's just the simple thought that "oh it's open source, so it's gotta be secure!" that gets people to not update their stuff and get hacked.

Open source security vulnerabilities are just as frequent as Msft's, even moreso. Regardless of what you're running, you need to friggin update and stay on top of the game.

Or, you could just run chroot'ed Apache on OpenBSD.* :D

*The above statement shows the equal tradeoff between security and speed.

Re:aha!

[dochood]

Hmmm.....

Windows gets the brunt of viruses, because there are more Windows boxes than Linux or Mac OS X.

By the same logic, could we say that Linux Web Servers get hacked more often because there are more of them?

dochood

heh

[rehabdoll]

Perhaps i should give my root-account a password?

Slashdot defaced?

[WIAKywbfatw]

It looks as if someone got in on the act early and targetted our beloved Slashdot.

Huh? Whassat? This is a redesign?

Years waiting for a more user-friendly layout and this is the best that they could come up with?

You'd think that they could have come up with something better. After all, it's not like they spend their time checking for dupes, hoaxes or even simple spelling errors.

Preparations

[yintercept]

Slashdot may have informed a bunch of hackers about Defacement day, they are also informing a large number sysadmins who will check their weekend back ups and prepare for a Sunday in the office.

Of course, the smart thing to do is to deface your own web site, then you can take the weekend off 'cause the hackers will think you've already been tagged.

Re:Preparations

[sketerpot]

Clever. :-) Making backups would also be a good idea. If your web site has CSS files for the overall styling, you could make a modified version that puts "Hacked by Peter" in the background several times. You would just use fixed positioning, z-index, and some fonts.

Re:Preparations

Allready have a defaced index page ready. That doesnot take away any of my functionality or information. If i get tagged i might just as well do it myself.

It's still annoying

[iLeader]

It's still annoying

Re:Most... controvertial.. moderation... ever.

ZUUL.

Thank you!

Oh I can't help loving you, fyodor! ;) eliza

Isn't it the 9th?

[berriebecky]

This thread is too old for this reply to really get seen; but I'm suprised this hasn't come up yet ... Isn't it the 9th already? So wouldn't we already know whether this happened or not ?

contest addy

Anyone got the addy of the defacement contest page???

Zone-H Response

Zone-H has released a press release about it. Read it here.

Bill Murray?

[austad]

"The FBI is taking this very seriously," FBI spokesman Bill Murray said. "Hacking is a crime and those who participate in this activity will be investigated and brought to justice."

Bill then claimed that July 6th would never arrive for him as he is forever stuck on Groundhog Day. He then shot himself in front of reporters.

Back up your site

[mpost4]

I don't have my own hosting, I just use the space verizon gives me, but I am not all that confident in the security that they provide, so I just make sure I have an up to date back of my web site, so if it is defaced I can put it back up.

Perhaps not terrorists.. however..

[Genjurosan]

The fact that the website is offering a prize is a case to prosecute the creators. I'm not a lawyer.. yet I think that rewarding an illegal act is called solicitation. In all states this is an illegal act that would be prosecuted by usually charging them with the same crime and reducing the class of the offense by one level. I hope they arrest and prosecute the moron who placed the site.

How to win

[b1t+r0t]

1) Post message asking everybody (as a joke) to replace their home page with "hAkK3d by3 [insert name here]", with a link to your web site

2) ???

3) PROFIT!

Re:How to win

[b1t+r0t]

P.S. they didn't say social engineering was against the rules, did they?

Re:How to win

A turd responds to his own posts. If you'd have read the rules you'd see it forbids EXACTLY what you suggested.

News at 10: Slashdot Victim

[Phil+John]

Hehe, I think those hackers have been having a little test run...and hacked /. look...what's going on with that new nav-bar...why, it's almost easy to use, well laid out...and looks nicer than the "text hump" b4. ;o)

Okay, fess up

Who dun gone and defaced /. already?

Oh, it's like this all the time?

Nevermind . . .

Best hack for 4th of July weekend?

This seems to be a way of ruining everyone's 3 day July 4th weekend. Gosh, we all need to be at work checking all the servers, etc, instead of spending a long weekend with the family. Let's post a website and cry "wolf" about hacking. Watch everyone run in circles. I'll bet the crackers are taking a long weekend off enjoying themselves.

Those aren't script kiddies!!!!!!!!

It's Skynet, assuming control! There is no physical "core"-- it's just SOFTWARE! The missiles are about to start flying!!!

Good thing John Connor is in that fallout shelter with Claire Danes.

Ooops, I guess those were T3 spoilers. My bad.

I laughed when I read this

[publius314]

The Department of Homeland Security said Wednesday it was aware of the hackers' plans but did not expect to issue any formal public warnings. The Chief Information Officers Council, part of the Office of Management and Budget, cautioned U.S. agencies and instructed experts to tighten security at federal Web sites. "Frankly, hacker challenges occur frequently, and we don't think they all rise to the level of a warning," Homeland Security spokesman David Wray said. Is it just me, or aren't there more rumors of terrorist attacks than hacker challenges on a daily basis?

have you ever been to michigan

That other jackass spammer with the sports car in michigan?

If there are any spammers in michigan, chances are good they're jackasses with sports cars, since michigan is crawling with jackasses in sports cars.

Thanks

[MyHair]

Thanks, you are -so- da man.

Re:Income Opportunity

[yintercept]

Well, I also thought Defacement Day could be a good income opportunity. Web Admins could charge something like a hundred bucks then put whatever marks a hacker wants on the site. It would be a good way for cashed strapped sites to make a few bucks. The hacker could brag. If you play the game right, the might get some free publicity.

The only real problem I see is that I don't know if I would trust that the hacker I am dealing with gave me a legit credit card (it is really easy to steal credit card numbers at the local restaurant). Oh well, too many good ideas fall apart when you get down the the actual exchange of cash.

More than the cash

[zeigerpuppy]

With all due respect: this is about more than just loss dollars.
Dissent is what protects us from the type of complete control that large corporations and certain governments would love to have.
What's more, humour is worth something too!
Perhaps you should consider that business is essesntially evolved to consume vast amounts of resources to exaggerate economic growth so that more resources can be consumed (why do you think it's called busy-ness?)
So a little disruption is worth a whole lot of political freedom... and it's fun!

Re:More than the cash

Uhhh... Business evolved to create wealth. It doesn't just consume resources, it uses them to produce something which people want.

That computer you're using: You were willing to do some work to create something, your employer will get some money and pay you for your contribution, you took that money and shopped for a computer which you liked, which was sold by a company which paid employees and suppliers to build a $1,000 computer out of $1 of sand, $2 of aluminum, $1 of carbon, $1 of steel and copper, $2 of oil (for plastic), and $3 of other things.

• If you put it together yourself, you saved money because you created something more valuable when you worked to assemble the pieces. You created wealth.
• If you bought it from the little store which assembled it from stuff in boxes and bags, you could walk in, tell them what you wanted, watch them take the cheaper parts and in front of you they created wealth by putting together something you were willing to pay them to build.
• If you bought it from a company with a brand name, you were willing to pay them to build your computer and also paid for the comfort of the quality of the work which a well-known name implies. They paid someone to build a factory, hired workers to assemble the computer out of cheaper parts, and paid suppliers for the parts.
• If you bought it from a company which has machines created for it, then your maker paid other companies to put together pieces in ways which your maker specified.
• If you bought it from a company which made the computers more cheaply by building more parts itself, then it's because that company bought or built a group which is similar to smaller businesses which make the parts which the competitors use. Such as a company which makes its own motherboards.
• If you bought it from a company which is even cheaper by building even more parts itself, it's because that company built or bought even lower-level suppliers. Like a company which builds its own motherboards and the chips on it.
• A company can control its costs even further, by building its own machines to build multilayer circuit panels, cut the motherboards to the right shape, put the components on the board, and solder everything in place. So now the company is also manufacturing its own manufacturing equipment.
• Even further, a company could make its own resistors, transistors, cases, brackets, keyboards, and monitors.

You bought something from someone because they were cheaper or you liked their features. At what point of a company's integration do you think they are a "large faceless corporation" which somehow is trying to force us to do evil things unless we pay them.... One Million Dollars!

Re:More than the cash

Why did you pay for a computer or for parts of a computer?

Why didn't you dig up some dirt from the back yard, extract the (miniscule) amounts of silicon, copper, iron, aluminum, carbon, and other stuff? Then make your own wire, case, silicon crystals, chips, solder, switches, keytops, hard drive, fan, and monitor?

Oh, that's a lot of work and you'd rather pay someone else who built resistors and wire, or pay someone who used them to build a motherboard or keyboard?

That is how wealth is created. You are willing to pay someone for the effort which they or their employees put in making their product. Others are willing to pay you for the effort involved in making your product.

Large corporations are just larger organizations trying to produce things which people want to buy. Even the big military suppliers are making stuff which governments want to buy, because the governments want to run their country their own way rather than the way another country would. If the country is run by its people, its people are willing to pay the government for its protection so the people can live the way they want to. Otherwise each person would have to put more effort into protecting their own way of life. (Countries which are run by those in power of a government rather than by the people have governments which have to spend a lot of effort into protecting the government from both external and internal "competitors")

Advice

[PingPongBoy]

Throttle the traffic. Only allow normal information in and out.

Monitor the traffic

With props to AC/DC

[An+Onerous+Coward]

Add verses, mix and rearrange to taste. These crappy lyrics are hereby placed in the public domain:

----

She had a fast machine
she kept her modem clean
she was the best damned hacker
I had ever seen.

She knew the best exploits
Defacing major web [soites???]
0wn1ng IP addys
both left and [roite???]

She got a password prized
just by battin' her eyes.
She was social engineering like my oh my.

Now my hard drive's shakin,
the network's quakin'
For caffeine I'm achin'
and she's still breakin' in and you

Hacked me all night long.

She DOS'ed me to a crawl
Broke through my firewall
she set me up the bomb
and then I took the fall.

Circ and Nimbda too
But she still wasn't through,
she launched Anna Kournikova
and "I love you!"

Now my hard drive's shakin,
the network's quakin'
For caffeine I'm achin'
and she's still breakin' in and you

Hacked me all night long.

[repeat as necessary]

If struck busineeses want to strike back...

They should hack the computers that serve up welfare, that way the losers that do this don't get their check on time.

IMHO

[Alan+Holman]

In my humble opinion as a web-designer, Nooooooooooooooooo!!!!

RTFA

[Chemical]

Okay, I'm getting sick of this crap. This is not the "Washington Post Version". It's the same god damn AP article that The Chronicle ran. The Associated Press wrote that story. Not The Post, not The Chronicle, AP. There are probably thousands of other newspapers worldwide running that exact same article.

Yet every damn Slashdot story that links to an AP or Reuters written article (usually crediting the article to whoever is posting it in the Slashdot headline), some karma whore who doesn't RTFA links to the same story at another newspapers website (crediting the story to that paper). And then some idiot moderators who also don't RTFA mod it up as "Informative".

RTFA people! And give credit where credit is due. If AP wrote the story, say that when you submit the story to Slashdot.

Re:RTFA

You mean my local radio station (who informed me of this crack-a-thon less than 5 min ago) didn't write and research the story themselves?

Those lying bastards!
They said the story came direct from their newsroom!

How can I ever trust the media again?

Re:RTFA

Newsroom (nz`rm') n.: The overworked fax machine receiving press releases all day.

(By the way, why is Slashdot's layout suddenly so messed up in Mozilla?)

w00t!

[Valar]

I'm going to 0wn slashdot on defacement day! 1 g0tz teh 1337 haXor sk1||z!~

mischief night?

boring

Priceless

[ducomputergeek]

OpenBSD 3.3 .... $40 Router w/NAT.... $100 Portsentry set on Anal mode....free Sending Script Kiddies to /Dev/Null....Priceless For everyone trying to Crack, there's jail time.

YHBT

you have been trolled.

Now or Later

Look at it this way: Your Web site has the back door unlocked and wide open. You don't know that, but it's true. Would you rather find out on National Defacement day, where the probable goal is just to deface your website some? Or would you rather find out when some other nefarious activity happens later-- like cracking into your customer credit card database or something?

which is why you don't use port 80

[FatherBash]

for a personal website. Aside from wasting bandwidth on Nimda and Code Red blind attacks you're just asking to be scanned. I run three sites and two Groupware web access sites out of my home network and I've never seen a valid reason to have any of them sit on port 80.

Re:which is why you don't use port 80

I've never seen a valid reason

You also haven't seen any visitors from behind firewalls that limit users to only access known port services, such as 80.

cannot locate the page

[kipple]

really. I tried

defacers-challenge.com,
deface-challenge.com

I tried searching for them on google. nothing.

are we sure that it is not a big joke? I couldn't even find the DNS entry for that domain! And I haven't see a working link anywhere.

But maybe I'm wrong..

Re:cannot locate the page

[cookiepus]

Maybe they got hax0red?

Re:cannot locate the page

[bobbozzo]

It's up now!

Time to setup snort I guess :P

California may be in trouble...

[CrazyWingman]

This is quite an interesting development, especially after California's Security Breach Information Act just went into effect. If you want a concrete example of how a hacked website could cost people money - think about this. Not only is time lost in recovery of the site, but money is spent to notify people of the break-in, and customers may be lost due to security worries.

Mischief Night?

[Peter+Cooper]

What the heck is that? I'm in the UK and I've never heard of it. Are you talking about Halloween?

If not, I'm going to assume you're from someplace like Bradford. THE REST OF THE COUNTRY IS NOT LIKE THAT! :-)

Mitnick

[cocotoni]

OK, now that Kevin Mitnick is out, my bets are on him!

the Plastic & Duct tape

[GnarlyNome]

Read Dean Ing's novel Getting Thruogh

Great Just what I needed

[w0rd]

Thanks alot assholes, it's bad enough that I have a boss that's making me work on days that the rest of the company is off, now I have to spend my birthday worrying about whether I'm going to have to restore all of the websites on our system. Happy Birthday to me.

Re:Mischief Night?

[Tony+Hoyle]

Me too.. Never heard of it.

The only references I can find on Google say it's a US phenomenon, not UK (there's a good explanation of it on alt.culture.us.1970s).

Miss Chief Knight

Just because you fear Mischief Night does not mean it exists.

First rule of Mischief Night: Don't talk about Mischief Night.

here's their name and phone number

[polished+look+2]

google

Biggest non-event of the season

[Kombat]

Mark my words - nothing will happen. Come Monday, they won't even mention it on the news. It won't be being discussed on Slashdot, or, if it is, people will be begging someone to come up with even a single screenshot of a defaced site. Nothing will happen. No sites will be defaced. This is just some kid who put up a goofy webpage that was taken down within a few hours - there is no organization of hackers preparing to unleash a coordinated attack on our web servers. There's just us. Trust me, this is being blown waaay out of proportion.

Nothing will happen. Not a single site. Nothing.

Joe-Job?

Maybe its a joe-job?

450 days uptime is also indicative

[Jeppe+Salvesen]

There have been numerous patches to the kernel in 450 days since then. Are you sure you weren't vulnerable? Unless you're willing to reboot on a regular basis, keeping the rest of the system patched is close to kidding yourself.

Re:450 days uptime is also indicative

[kstumpf]

I was running 2.4.7. I'd made patches to kernel modules, including netfilter, but not the running kernel. I'm certain they didn't gain access to the system through this kernel, but its possible they used it to get root once they had a shell.

July 6th is the perfect day

A lot of people will be out on vacations, such as myself.. and if my cell phone rings, I won't be answering.

Opportunity cost

[terrance-t20]

I am not sure if you really got the concept of opportunity cost: take a look at some definition here.

RTFA?

[donkiemaster]

Return To Fetch Assholes? Rudely Tickle Free Apples? Regulate Three Fat Americans? Rummage Through Farting Anglos? Relocate The Fighting Armies? Reestablish Trouble For All? Resolve To Forget Anything? Rimjob Titties Farthead Assmaster?

Re:RTFA?

Read The Fine Article

Not even close

We're just a plain ordinary bureaucratic local government administrative office and have no call center. There is nobody else in our entire organization who even knows what SSH is, except me, and sshd only answers on the interior network nic's address anyway. And like I said earlier, only port 80 and DNS traffic from the outside world can get in to the webserver. The only internal network traffic that can get to it comes from my workstation, and yes we do have a cute blonde secretary who authors our webpages, but she really is so clueless that she can't even manage to FTP her work to the webserver over the internal net, so I just have her drag-n-drop it to a folder on an internal NT server and I FTP it to the webserver myself. We have no pimply-faced kids working here either. Everyone who works here is so old and technophobic that it took me 3 years to condition them to use email instead of typewritten (yes, typewriters -- at least they were electric typewriters) memos.... the first year was a transition period to using word processors to make the paper memos. LoL!

No, I'm pretty sure my only vulnerability will be in any undiscovered problems in Apache 2.0.46 and BIND 9.2.2 from the outside.

independence hack

[gabe]

Goddamnit, they don't need to be defacing websites now, they need to be hacking into the alien ships with all of their l33t virii so Will Smith and Jeff Goldblum can deliver a nuke to the mother ship and save all of humanity.

Oh, wait...

missing summer school.?

[budgenator]

maybe on weekend furlough from juvenile detention?

the game started early

http://blackhawkranch.net/

Internet Independance Day July 6th, 2003

July 6th - Website Defacement Day?

No! That's wrong. It's more like Canadian Independance Day July 1st, United States of America Independance Day July 4th, Internet Independance Day July 6th. Have some respect people, celebrate on these days, every year!

If anyone is wondering why we should celebrate world wide real time communications, think about this.

10,000 Years ago the Bog People lived. They had coins, hand tools and life was pretty well the same for 9,000 years.

Real dramatic change only occured within the last 200 years of human development. Within this time frame of + / - 150 years, we've gone through incredible advancements.

Once Electricity was aquired life changed forever for the human race. All of our other technologies began to build in place.

Industrialization, Engineering, Assembly Line, Automation, Robotics.

Telegraph, Radio, video, broadcast, Realtime, computers, email, cellular, Internet.

Medical Science has advanced so far that people from 100 to 150 years ago would consider it to be an act of God. Not to offend any of the Gods, its just a simple fact, when we can perform heart lung transplants and other similar interventions.

Aerospace,
Personal Flight, Drone, Rocket, Satelite, Flights to the Moon, Flights to Mars.

The Bog People were presented in the Canadian Museam of Civilization. 10,000 Years was represented as a piece of wood about 5 feet long. The last 200 years, was about 2 inched on that timeline.

Do the Right Thing!

Celebrate Internet Independance Day July 6th, 2003.

We have accomplished great things recently and every July 6th we should celebrate it.

I couldn't help but notice...

[edunbar93]

That this press release serves only to do three things:

1) panic the general public - half of whom hardly know what a web page is anyway - in order to justify the existence of the Department of Homeland Security.

2) promotes the hacker web page in question beyond the wildest wet dreams of the 16 year old cyberpunks that run it.

3) pretends that a bunch of 16 year old punks armed with what essentially amount to spraycans and lockpicks have anything at all to do with national security.

Alternative Strategy

I work for a large European government and we've decided to take the server down befoer we leave tonight and go have ourselves a nice weekend.

Script Kiddies

Here is some info on the people who registered the domain name defacers-chanllenge.com that started this whole mess.

11 Albert Rd
AMITYVILLE, NY 11701 US
Administrative Contact:
sotaa@wongfaye.com
11 Albert Rd
AMITYVILLE, NY 11701
US
631) 842-5471
Technical Contact:
Affinity Hosting, LLC (TS1126-ORG) contact@AHNET.NET
16611 S. Vermont Ave
Gardena, CA 90247
US
310-354-2626 fax: 310-354-1592

Notice that there are some email addresses in there. Why not email the script kiddies and let them know that they are doing is stupid, and will give legit hackers a bad name.

Contact the stupid script kiddies

http://www.samspade.org/t/whois?a=defacers-challen ge.com&server=magic

follow this link to get all the contact info for the individual that registered defacers-challenge.com, the site that started all of this. There's phone #'s and email addresses, so contact these script kiddies and let them know that what they are doing is stupid. Bringing even more media hype against legit hackers.