Copy Link
Add to Bookmark
Report
Net-Sec Issue 026
Net-Sec newsletter
Issue 26 - 21.08.2000
http://net-security.org
Net-Sec is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week.
Visit Help Net Security for the latest security news - http://www.net-security.org.
Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
Table of contents:
1) General security news
2) Security issues
3) Security world
4) Featured articles
5) Security books
6) Defaced archives
============================================================
Sponsored by VeriSign - The Internet Trust Company
============================================================
Pinpoint the right security solution for your company - FREE
Guide from industry leader VeriSign gives you all the facts.
Learn how to:
* Add the most powerful online encryption - 128-bit
* Quickly authenticate your site
Get your FREE Guide now at:
http://www.verisign.com/cgi-bin/go.cgi?a=n061110570013000
============================================================
Advertising inquiries - e-mail advertise@net-security.org
General security news
---------------------
----------------------------------------------------------------------------
ANTI-VIRUS SOFTWARE FOR FUTURE PHONES RELEASED
Anti-virus company F-Secure revealed software designed to protect Symbian's
EPOC operating system. The EPOC operating system is licensed by major mobile
phone companies including Ericsson, Nokia, Motorola, Panasonic and Sony and is
expected to power future mobile Internet devices from these companies.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/32/ns-17258.html
EPA'S WEB SECURITY STILL VULNERABLE TO ATTACKERS
A report released today by the General Accounting Office, the investigative arm
of Congress, found that the agency's system continues to be "riddled with security
weaknesses" that could allow attackers to tamper with data, view sensitive
information or attack other agencies using the EPA system.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1005-200-2497497.html
CREDIT CARD INFORMATION EXPOSED ON WOOLWORTHS SITE
The personal information of two Woolworths customers, including their credit
card numbers, was inadvertently published on one of the company's Web pages,
according to a spokesman. The spokesman says that the information was up for
a few minutes and to Woolworths' knowledge no one has made fraudulent use of
the customer's credit card details.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2000/31/ns-17267.html
ANOTHER MASSIVE NET ATTACK LOOMING?
Six months after devastating attacks took down the Web's biggest sites, MSNBC
has learned of new evidence that indicates it could easily happen again: A security
researcher has found 125,000 networks with the same flaw that allowed the attacks.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.msnbc.com/news/444815.asp
SAFEWAY SHOPPERS HIT BY E-MAIL HOAX
Safeway has become the latest company to suffer an Internet security breach
when customers were sent an e-mail appearing to come from the supermarket chain
advising them to shop elsewhere. Up to 1,000 customers telephoned to complain
Saturday after a hacker appeared to have accessed a Safeway database containing
details on 25,000 shoppers, The Sunday Times reported. The hoax e-mail - signed
"from the Safeway team'' and headed with the company's e-mail address -
announced a 25 percent price increase and told customers that if they were
unhappy they should shop at rivals Tesco or Sainsbury, the newspaper said.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.mercurycenter.com/svtech/news/breaking/internet/docs/302771l.htm
VERIZON SITE EXPOSED CUSTOMER DATA
Verizon Communications had to pull down a new customer service Web site
over the weekend when a private researcher discovered a security hole.
According to a report by SecurityFocus.com, users could gain access to personal
data simply by entering a customers' phone numbers. A Verizon spokesman said
few, if any, records were compromised and that the actual exposed information
was minimal.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.msnbc.com/news/445991.asp
EDMONTON-BASED SERVICE PROVIDER ATTACKED (DoS)
RCMP are working with the FBI to track down computer hackers who overloaded
an Edmonton-based Internet service provider yesterday, denying access to some
customers. Edmonton RCMP found the "denial of service" attack on OA Group Inc.'s
server that barred subscribers from logging on to their Internet accounts originated
in Chicago and they were working with the FBI to zero in on the culprit, said RCMP
Cpl. Gibson Glavin.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.canoe.ca/TechNews0008/15_hackers.html
NEW LOVE BUG TARGETS SWISS BANK
The virus, known as VBS/Loveletter.bd, is a variant of the original Love Letter
virus that circulated in May, and many versions have been created using the original
as a template.Computer virus variant steals bank passwords also.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.msnbc.com/news/447320.asp
HACKER DEFACES SITES IN NAPSTER'S NAME
Pro-Napster hacker "Pimpshiz" said Wednesday he has exploited a bug in Windows
NT to deface five dozen Web sites in the past two weeks, including NASA and the
French national library.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.com/zdnn/stories/news/0,4586,2616266,00.html
SSH-AGENT - A TUTORIAL
"Security is best when it is handy. ssh-agent is pretty darn handy. Ssh-agent can
authenticate you to a remote machine via keypairs, rather than the traditional
hand-typed username/password combination, with no loss of security."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.deadman.org/ssh-tut.html
CONFIGURE LINUX TO PRESENT PRE-LOGIN SECURITY WARNINGS
User ignorance continues to be a thorn in the side of Linux system administrators
trying to maintain a secure network. In this article, learn how to configure three
distributions, with or without KDE and GNOME, to display pre-login messages via
virtual consoles and over the network.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxworld.com/linuxworld/lw-2000-08/lw-08-login.html
CONTEST
Attackers may be able to change the NetworkDoc Inc. site, but the only way
they'll get their hands on the cash prize is if they can defeat the company's
"anti-hacking" software and keep any changes made on the page until the end
of a 36-hour period. It's offering to pay them 1 million yen in cash if they can do it.
Contributed by Apocalyse Dow.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.mainichi.co..jp/english/news/archive/200008/19/news08.html
UPDATE ON BOHTTPD
Alexey Yarovinsky posted a patch for Netscape Communicator Java Security
bug (known trought BOHTTPD issue). Also, Deepquest posted that Brown Orifice
is patched by Netscape 4.75 that is available on Netscape web site.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.netscape.com/computing/download/index.html
CHARGES DROPPED AGAINST LOVE LETTER CREATOR
Prosecutors dismissed all charges filed against a former computer college student
accused of having released the "I Love You" computer virus that crippled email
systems worldwide.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1005-200-2574585.html?tag=st.ne.1430735..ni
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
[TRUSTIX SECURE LINUX] PERL AND MAILX
We have now made availible updated perl and mailx packages that fix a local
security hole. The hole is the same as announced by Red Hat and others earlier.
Link: http://www.net-security.org/text/bugs/966786899,47817,.shtml
SOMETHING FOR WINDOWS NT/2000 ADMINISTRATORS
While this is not WindowsNT only related list, following relates to any of us,
because ignorancy of some webmasters running IIS (Internet Information Server)
4.0/5.0 is somehow exceeding acceptable level.
Link: http://www.net-security.org/text/bugs/966786981,97960,.shtml
RAPIDSTREAM VPN APPLIANCES ROOT COMPROMISE
RapidStream has hard-coded the 'rsadmin' account into the sshd binary in the
appliance OS. The account has been given a 'null' password in which password
assignment and authentication was expected to be handled by the RapidStream
software itself. The vendor failed to realize that arbitrary commands could be
appended to the ssh string when connecting to the SSH server on the remote vpn.
This in effect could lead to many things, including the ability to spawn a remote
root shell on the vpn.
Link: http://www.net-security.org/text/bugs/966787075,91011,.shtml
IRIX TELNETD VULNERABILITY
We've found a very severe vulnerability in the IRIX telnetd service that upon
successful exploitation can give remote root access to any IRIX 6.2-6.5.8[m,f]
system.
Link: http://www.net-security.org/text/bugs/966787254,79791,.shtml
HOTMAIL/MS INSTANT MESSENGER ISSUE
If you use a Hotmail account to log in to Instant Messenger, and your Hotmail
account gets cancelled, your contact (or 'buddy') list does not get cleaned. If
another person creates a Hotmail account using that name, they will have access
to your contact list, and will show up on any contact list you're a part of.
Link: http://www.net-security.org/text/bugs/966787305,704,.shtml
[MICROSOFT] "SPECIALIZED HEADER" VULNERABILITY
Microsoft has released a patch that eliminates a security vulnerability in
Internet Information Server that ships with Microsoft Windows 2000. Under
certain conditions, the vulnerability could cause a web server to send the
source code of certain types of web files to a visiting user.
Link: http://www.net-security.org/text/bugs/966787401,47490,.shtml
WATCHGUARD FIREBOX AUTHENTICATION DOS
Tested on the newest version of the Watchguard Firebox II (that was on the
22nd of June), but it is very likely that this bug exists in all prior versions that
include the authentication service (TCP port 4100).
Link: http://www.net-security.org/text/bugs/966787477,32791,.shtml
OS/2 WARP 4.5 FTP SERVER DOS
The FTP server that comes with OS/2 Warp 4.5 TCP/IP can be brought down
by a malicious connection attempt.
Link: http://www.net-security.org/text/bugs/966787531,9223,.shtml
A STATEFUL INSPECTION OF FIREWALL-1
At the Black Hat Briefings 2000, we presented an analysis of Check Point
FireWall-1 vulnerabilities resulting from protocol design flaws, problems in
stateful inspection, common or default misconfigurations, and minor
implementation errors discovered over the past few months in the lab, and
verified in real-world penetration tests.
Link: http://www.net-security.org/text/bugs/966787823,38015,.shtml
IMAIL WEB SERVICE REMOTE DOS ATTACK V.2
The following is a simple DoS we found while working on Retina's CHAM
(Common Hacking Attack Methods) HTTP auditing module which should be
released within the next two weeks within the new Retina 2.5.
Link: http://www.net-security.org/text/bugs/966788042,59933,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
LOCKSTEP ANNOUNCES NEW U.K. DISTRIBUTOR - [08.08.2000]
Lockstep Systems, Inc. today announced it has signed an agreement with
Brilaw International Ltd. to distribute WebAgain, its patent-pending Windows
utility that automatically fixes vandalized web sites.Brilaw International, located
in Stockport, England, will offer the WebAgain technology to its clients, providing
these companies with web site protection at a reasonable cost and considerable
ease of use. WebAgain is designed to solve the problems associated with web
site defacement by automating content verification, alteration discovery and the
correction process. It can detect any type of alteration, whether obvious or
subtle, and correct it without any need for user involvement.
Press release:
< http://www.net-security.org/text/press/965695799,32455,.shtml >
----------------------------------------------------------------------------
ANTIGEN CHOSEN FOR AV PROTECTION BY STATE OF MONTANA - [09.08.2000]
Sybari Software, Inc., the premier antivirus and security specialist for groupware
solutions today announced that Antigen for Microsoft Exchange was chosen to
protect the State of Montana's 10,000 Exchange users from the attackof harmful
email viruses. "In the three months that we've been running Antigen for Exchange,
we've been entirely pleased." said Hunter Coleman, ISD end user support,
State of Montana.
Press release:
< http://www.net-security.org/text/press/965772695,58042,.shtml >
----------------------------------------------------------------------------
ISSA SOUTH FLORIDA CHAPTER MEETING - [09.08.2000]
The South Florida Chapter of the Information Systems Security Association
(ISSA) will hold an afternoon seminar on Virtual Private Networks (VPN's) on
August 10th in Fort Lauderdale. VPN's allow an organization to take advantage
of the Internet's cost savings while maintaining the confidentiality of sensitive
information. The seminar runs from 3 to 6 PM and reservations are required.
The featured speaker for the seminar is Eric Henriksen, Senior Engineering
Manager for Red Creek Communications. He will discuss the landscape of the
evolving VPN marketplace, provide an overview of the IPSEC standard, and
discuss Red Creek's products.
Press release:
< http://www.net-security.org/text/press/965772851,13027,.shtml >
----------------------------------------------------------------------------
iDEFENSE OFFERS SECURITY EXPERTISE TO BULKREGISTER.COM - [10.08.2000]
iDEFENSE, a global cyber intelligence and risk management company, announced
an exclusive relationship with BulkRegister.com to provide the domain name
registrar cyber threat intelligence services as well as security policy and
procedure consulting. BulkRegister.com, the leading provider of wholesale domain
name registration services, will utilize iDEFENSE to enhance its overall security
awareness, both internally and with its rapidly growing client base.
Press release:
< http://www.net-security.org/text/press/965867583,18955,.shtml >
----------------------------------------------------------------------------
HOSTED ANTIVIRUS SERVICES FOR MICROSOFT EXCHANGE - [10.08.2000]
Trend Micro, Inc. (Nasdaq:TMIC), a leading provider of enterprise antivirus and
content security software for the Internet age, and Critical Path Inc., a global
provider of advanced Internet messaging solutions, today announced a
technology licensing agreement enabling Critical Path to offer its Hosted
Exchange customers email virus scanning as a value-added component of its
messaging service offering. In addition, both Critical Path and Trend Micro have
been working closely with Microsoft to deliver a secure hosted Exchange 2000
solution. Trend Micro and Critical Path intend that, as a result of this relationship,
organizations will be able to outsource their Exchange and Exchange 2000
messaging needs to Critical Path without having to worry about the threat of
computer viruses.
Press release:
< http://www.net-security.org/text/press/965867778,24068,.shtml >
----------------------------------------------------------------------------
SONICWALL WINS BLUE RIBBON AWARD - [10.08.2000]
SonicWALL, Inc., a leading provider of Internet security for broadband access
customers, today announced that its SonicWALL SOHO has earned Network
World Magazine's highest honor, the Blue Ribbon Award. SonicWALL SOHO
provides comprehensive protection from Internet security threats for
telecommuters, branch offices and small-office networks using always-on
broadband connections such as DSL and cable. SonicWALL SOHO outperformed
products from eSoft, Fortress Technologies, Global Technology Associates and
WatchGuard.
Press release:
< http://www.net-security.org/text/press/965867936,25567,.shtml >
----------------------------------------------------------------------------
DFI INVESTIGATES BIOMETRICS - [20.08.2000]
Will biometrics provide the answer to jangling key rings and password lists a
page long, or will it pave the way to letting "Big Brother" in at the doorstep?
DFI, in conjunction with SwannStreet Ventures analyzes the case for biometrics
in the latest report in their emerging technology market series. Biometrics, the
use of human physical or behavioral traits for identification, is gaining a high
profile as a possible solution for a variety of identification and authentication
needs, from computer to security to PIN-less ATMs. Analysts estimate the
authentication and biometrics market will grow to more than $4 billion by 2002,
from $1.3 billion in 1999.
Press release:
< http://www.net-security.org/text/press/966789752,28760,.shtml >
----------------------------------------------------------------------------
RAINBOW SIGNS NEW AGREEMENT FOR CRYPTOSWIFT - [20.08.2000]
Rainbow Technologies Inc., a leading provider of high-performance security
solutions for the Internet and e-commerce, Friday signed a new OEM agreement
to provide high-speed security acceleration for the next-generation Internet and
intranet server switches produced by a leading network equipment provider.
These network switches are used in a variety of business-to-business (B2B) and
business-to-consumer (B2C) e-commerce environments. The initial value of the
order is $5 million.
Press release:
< http://www.net-security.org/text/press/966789858,66257,.shtml >
----------------------------------------------------------------------------
Featured articles
-----------------
All articles are located at:
http://www.net-security.org/text/articles
Articles can be contributed to staff@net-security.org
Listed below are some of the recently added articles.
----------------------------------------------------------------------------
JAY BEALE AND THE BASTILLE LINUX PROJECT by Dave Wreski
Recently I got an opportunity to speak with Jay Beale, the Lead Developer of
the Bastille Project. Jay is the author of several articles on Unix/Linux security,
along with the upcoming book "Securing Linux the Bastille Way," to be published
by Addison Wesley. At his day job, Jay is a security admin working on Solaris
and Linux boxes.
Article:
< http://www.net-security.org/text/articles/lg_5.shtml >
----------------------------------------------------------------------------
AN OVERVIEW OF LINUX MAIL SOFTWARE by Jim Dennis
There are many packages that can supply standard mail services under Linux.
Basically the UNIX/Linux e-mail model involves MTA (mail transport agents),
MSA (mail storage/access agents) and MUAs (mail user agents). There are also
a variety of utilities that don't really quite fit in any of these categories...
Article:
< http://www.net-security.org/text/articles/lg_6.shtml >
----------------------------------------------------------------------------
YET ANOTHER "LOVELETTER" VARIATION PRETENDS TO BE A RESUME
by Kaspersky Lab
The virus, known under the name "I-Worm.LoveLetter.bd" is found in the wild.
To date Kaspersky Lab has received several reports about infections in
Switzerland and Russia. The virus uses a well-known psychological trick to make
the user open the infected file RESUME.TXT.VBS attached to an e-mail message
by offering the opportunity to view the resume of a Swiss Internet company,
which is looking for an Internet programmer.
Article:
< http://www.net-security.org/text/articles/viruses/resume.shtml >
----------------------------------------------------------------------------
Featured books
----------------
The HNS bookstore is located at:
http://net-security.org/various/bookstore
Suggestions for books to be included into our bookstore
can be sent to staff@net-security.org
----------------------------------------------------------------------------
THE ART OF INFORMATION WARFARE: INSIGHT INTO THE KNOWLEDGE
WARRIOR PHILOSOPHY
Information is a two edged sword that can both help and hinder modern society.
The Art of Information Warfare is the first common-sense primer on the subject
written for those interested in or requiring a practical orientation to the threats
and issues associated with today's Information Society from military, corporate,
and technical perspectives. Unlike many other publications and reports on the
subject, The Art of Information Warfare is written in plain, simple English and
avoids sensationalizing an already "hot" topic in the media today by accurately
presenting the facts and issues that affect everyone... not just the technoratti
or power users.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1581128576/netsecurity >
----------------------------------------------------------------------------
DATABASE: PRINCIPLES, PROGRAMMING, AND PERFORMANCE, SECOND EDITION
A standard text for database designers and programmers, Database: Principles,
Programming, and Performance is out in a new edition. This latest version of the
detailed work of the O'Neils includes a new chapter on Object-Relational SQL
and its implementations in Oracle and Informix products. On top of that, the
authors have revised their chapters on basic and advanced SQL, and added
product-specific details (particularly having to do with Oracle, Informix, and I
BM DB2 database products) to most areas of their coverage. As a result of
these revisions, this book does a great job of balancing academic material
with practical examples.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1558604383/netsecurity >
----------------------------------------------------------------------------
MCSE WINDOWS 2000 ACCELERATED STUDY GUIDE EXAM 70-240
(WINDOWS 2000 CERTIFICATION)
Provides detailed coverage of all the technical objectives require to pass the
Microsoft approved 2000 exam for current NT 4.0 MCSEs. Network Professionals
learn installing, configuring, and troubleshooting techniques. Increased annotated
visual screen shots, line art illustrates critical study points, photographs describe
complex points. CD-ROM contains tons of video clips for easier learning, Skill
Builder Software with more than 300 knowledge and scenario-based TEST
YOURSELF Personal Testing Center questions, simulation exam that completely
look and feel like the real exam.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0072125004/netsecurity >
----------------------------------------------------------------------------
WINDOWS 2000 ACTIVE DIRECTORY
A typical section has to do with Replication Monitor, a diagnostic and observation
program that's part of the Windows 2000 Resource Kit. In this section, the
author first provides a quick statement of where Replication Monitor is and what
it does, then gives steps for using it. The author then goes through options -
synchronizing with a replication partner, checking Update Sequence Number
(USN), and so on - before listing a replication log and commenting a bit on it.
He repeats the strategy for scores of other features, capabilities, and utilities,
the result being a detailed document that assumes little on the part of the
reader. Topics covered: An overview of Active Directory's purpose and
architecture, followed by detailed guides to each of its features and capabilities.
Coverage deals with replication, security, users and groups, and systems
administration issues, such as installation.
Book:
< http://www.amazon.com/exec/obidos/ASIN/0072123230/netsecurity >
----------------------------------------------------------------------------
WINDOWS 2000 MAC SUPPORT LITTLE BLACK BOOK
When Windows people write about networking their computers, they often
forget the Macintosh entirely or relegate Mac connectivity to an afterthought
chapter. Not only is Windows 2000 Mac Support Little Black Book dedicated to
the issue of interoperability between Windows and the Mac, but it addresses
the connectivity problem from both ends of the wire. Gene Steinberg and Pieter
Paulson go into detail on what needs to be done to your Macs, as well as your
Windows NT 4 and Windows 2000 boxes, in order to bring about file sharing,
printer sharing, cross-platform database access, and application sharing. It's a
complete and carefully researched statement of configuration strategies, and
perfect for advertising houses, Web development shops, and other environments
in which large parts of the staff use the Mac.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1576103889/netsecurity >
----------------------------------------------------------------------------
WINDOWS NT/2000 THIN CLIENT SOLUTIONS: IMPLEMENTING TERMINAL
SERVICES AND CITRIX METAFRAME
Windows NT, Terminal Server Edition is an extension to NT Server that allows
applications to run one centralized location while being presented on multiple
client devices. Designed to decrease total cost of ownership, when used in
conjunction with Citrix's MetaFrame product. TSE has also resulted in dramatic
(500% or more) performance increase in standard NT administration tools and
some database applications. A new edition is necessary to document this new
functionality, and also the challenges that system architects will have to address
as they design their W2K networks and then transition from Windows NT to W2K.
This edition follows the organization of the previous edition, but includes changes
to discussions affected by W2K's release, including coverage of scalability and
security.
Book:
< http://www.amazon.com/exec/obidos/ASIN/1578702399/netsecurity >
----------------------------------------------------------------------------
Defaced archives
------------------------
[06.08.2000] - Odeon Networking
Original: http://odeon.net/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/06/odeon.net/
[06.08.2000] - Malaysian Housing and Development Commission
Original: http://hdc.gov.my/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/06/hdc.gov.my/
[06.08.2000] - The Korean Society of Pathologists
Original: http://www.pathology.or.kr/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/06/www.pathology.or.kr/
[06.08.2000] - Internet Business Ireland
Original: http://feynman.ibi.ie/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/06/feynman.ibi.ie/
[06.08.2000] - World Wide Web Associates
Original: http://www.wwwa.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/06/www.wwwa.com/
[07.08.2000] - Instituto Nacional de Investigación y Capacitación de Telecomunicaciones
Original: http://dep.inictel.gob.pe/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/07/dep.inictel.gob.pe/
[07.08.2000] - Deesan Infotech
Original: http://www.deesan.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/07/www.deesan.com/
[07.08.2000] - Centrum pro Demokracii a Svobodne Podnikani
Original: http://www.cdfe.cz/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/07/www.cdfe.cz/
[08.08.2000] - CERN - European Laboratory for Particle Physics
Original: http://vsnhd1.cern.ch/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/08/vsnhd1.cern.ch/
[09.08.2000] - Involved ISP
Original: http://www.involved.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/09/www.involved.com/
[09.08.2000] - National Library of Medicine SIS5 Server, NIH
Original: http://sis5.nlm.nih.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/09/sis5.nlm.nih.gov/
[09.08.2000] - Application Design Consultants
Original: http://www.appdc.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/09/www.appdc.com/
[11.08.2000] - @!#$ Microsoft
Original: http://www.fuckmicrosoft.net/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/11/www.fuckmicrosoft.net/
[11.08.2000] - Global Aviation India
Original: http://www.globalaviationindia.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/11/www.globalaviationindia.com/
[13.08.2000] - Armenian Drug and Medical Technology Agency
Original: http://www.pharm.am/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/13/www.pharm.am/
[14.08.2000] - US Office of Surface Mining
Original: http://cdrnet.osmre.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/14/cdrnet.osmre.gov/
[14.08.2000] - Mitsubishi Electric Automation, Inc.
Original: http://www.meau.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/14/www.meau.com/
[14.08.2000] - U.S. Mobile Services Inc.
Original: http://www.usmobile.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/14/www.usmobile.com/
[15.08.2000] - Honda (UK)
Original: http://www.honda.co.uk/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/15/www.honda.co.uk/
[16.08.2000] - Comision Nacional de Bancos y Seguros
Original: http://www.cnbs.gov.hn/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/16/www.cnbs.gov.hn/
[17.08.2000] - Inside AOL, ill-networking
Original: http://www.inside-aol.com/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/17/www.inside-aol.com/
[17.08.2000] - Indiana State Government
Original: http://lotus.doe.state.in.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/18/lotus.doe.state.in.us/
[18.08.2000] - Indiana State Government
Original: http://lotus.doe.state.in.us/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/18/lotus.doe.state.in.us/
[19.08.2000] - www.nasjax.navy.mil
Original: http://www.nasjax.navy.mil/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/19/www.nasjax.navy.mil/
[19.08.2000] - Commonwealth Telecommunications Organisation
Original: http://www.cto.int/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/19/www.cto.int/
[19.08.2000] - www.pravos.hr
Original: http://www.pravos.hr/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/19/www.pravos.hr/
[20.08.2000] - toyota.gsfc.nasa.gov/
Original: http://toyota.gsfc.nasa.gov/
Defaced: http://www.attrition.org/mirror/attrition/2000/08/20/toyota.gsfc.nasa.gov/
----------------------------------------------------------------------------
Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org