Great Circle Associates Firewalls
(September 1995)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: RE: Comments on a hacked server/page
From: "Guaraldi, William" <willg @ Valinor . com>
Date: Mon, 18 Sep 1995 21:47:53 -0400
To: "firewalls @ GreatCircle . COM" <firewalls @ GreatCircle . COM>, "'Rich'" <raf @ ezunx . com>, "webserver-nt @ DELTA . PROCESS . COM" <webserver-nt @ DELTA . PROCESS . COM>

i am a web-author, and what i do is this:

i am running on a Windows NT server, but do the editing on a lowly WFW workstation.  when i do editing, i set the date back on the workstation to 1/1/95.  then i do the edits, and copy the files over.  This keeps all the dates on all the files the same so you can do a dir *.htm /s/p and check to see if all the dates are the same.  (of course now that i've published this, i had better come up with a better method....)

/will
--------------------------------------------------
	http://www.valinor.com
--------------------------------------------------

----------
From: 	Rich[SMTP:raf @
 ezunx .
 com]
Sent: 	Sunday, September 17, 1995 3:16 PM
To: 	webserver-nt @
 DELTA .
 PROCESS .
 COM; firewalls @
 GreatCircle .
 COM
Subject: 	Comments on a hacked server/page

    Thought I would throw this out for a bit of discussion...

Recently, a friend of mine who runs a IAP/ISP company (about 600 customers
so far) was 'compromised' on an NT server for his home page.  (I did NOT set
up his security/firewall, otherwise this would not have happened :-)  )

At anyrate, the jist of it was his home page was "altered" through a whole in 
the cern server which ran on the outside.  What was altered??  The prices for
access to his services!!!!!

This might have gone on "undetected" for quite some time, however, he had to
make a change to the page due to an AREA code change (sometimes the phone
company can provide a real use) and he pulled the old one up to edit.  He then
noticed that the prices had been increased by $20-30 per month for dialup access
and by almost $50 for isdn and I won't even mention the leased line prices, but
they were HIGH!

What are the odds that the author checks all his/her pages often enough to catch
something like this, and this brings to light a question....

How can you protect yourself from "altered" information?  I mean what if someone
had changed his page to load pornographic images or slanderous comments?  Who is
responsible?  A tough call I know.  

I am now checking my home pages at least weekly! (ALL OF THEM!)
cheers....
Rich Fitzgerald

p.s.  the hole in the cern server is now plugged... (we hope)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
** Remember -- Life is NOT a dress rehearsal!
    (nor is it a small furry animal with funny feet and floppy ears...)


<<application/ms-tnef>>

Indexed By Date Previous: Configure RADIUS
From: mramirez @ imparcial . com . mx
Next: Re: Linux firewall setup
From: Steven Johnson - Hukd on Fonix <johnson @ bayflash . stpt . usf . edu>
Indexed By Thread Previous: Re: Comments on a hacked server/page
From: James_Dehnert @ optilink . optilink . dsccc . com
Next: Re: Comments on a hacked server/page
From: "Thomas W. Bassett" <tom @ webads . com>

Google
 
Search Internet Search www.greatcircle.com