Return-Path: <sentto-279987-4893-1024977267-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Mon, 24 Jun 2002 20:56:17 -0700 (PDT) Received: (qmail 11333 invoked by uid 510); 25 Jun 2002 03:54:21 -0000 Received: from n3.grp.scd.yahoo.com (66.218.66.86) by all.net with SMTP; 25 Jun 2002 03:54:21 -0000 X-eGroups-Return: sentto-279987-4893-1024977267-fc=all.net@returns.groups.yahoo.com Received: from [66.218.67.197] by n3.grp.scd.yahoo.com with NNFMP; 25 Jun 2002 03:54:27 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_3_2); 25 Jun 2002 03:54:27 -0000 Received: (qmail 14856 invoked from network); 25 Jun 2002 03:54:27 -0000 Received: from unknown (66.218.66.218) by m4.grp.scd.yahoo.com with QMQP; 25 Jun 2002 03:54:27 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta3.grp.scd.yahoo.com with SMTP; 25 Jun 2002 03:54:27 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g5P3tVp20389 for iwar@onelist.com; Mon, 24 Jun 2002 20:55:31 -0700 Message-Id: <200206250355.g5P3tVp20389@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 24 Jun 2002 20:55:31 -0700 (PDT) Subject: [iwar] [fc:Kremlin.Site.Vulnerable.to.Attack] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=3.2 required=5.0 tests=RISK_FREE,FREE_MONEY,DIFFERENT_REPLY_TO version=2.20 X-Spam-Level: *** Kremlin Site Vulnerable to Attack <a href="http://www.wired.com/news/technology/0,1282,53412,00.html">http://www.wired.com/news/technology/0,1282,53412,00.html> Wired News By Brian McWilliams 11:28 a.m. June 21, 2002 PDT Potentially millions of websites -- including the new, reportedly invincible home page of Russian President Vladimir Putin -- may become easy prey for hackers if their administrators don't promptly upgrade their software. The new Kremlin site, launched Thursday, underwent three months of testing to ensure it is "almost hacker-proof," according to a Reuters story published Friday. The report said almost 100 hackers attempted to break into Putin's site in its first 24 hours of operation. But independent tests of the Russian president's website revealed Friday that it was running an outdated version of the popular Apache Web server that could be vulnerable to a recently discovered security bug. Data provided by research firm Netcraft showed that Putin's site was using the Red-Hat Linux operating system with Apache version 1.3.20. Netcraft's data was corroborated by a security scanner from eEye Digital Security, which examines a Web server's "banner" to determine if it is vulnerable to the Apache flaw, according to chief hacking officer Marc Maiffret. On Monday, the U.S. government-funded Computer Emergency Response Team warned that a security flaw in Apache versions 1.2.2 through 1.3.24 could allow remote attackers to execute malicious programs on vulnerable servers. The Apache Software Foundation has advised administrators to upgrade immediately to the latest version of the Web server software that is not prone to the "chunked-encoding" bug. In use on more than 10 million active websites, Apache is the most popular Web server used on the Internet, with over 60 percent market share, according to Netcraft. The program runs on several Unix-based operating systems as well as on Microsoft's Windows. The security of some Apache sites was especially threatened Wednesday when a research group called Gobbles Security released a tool designed to allow attackers to take control of unpatched Apache installations running on the OpenBSD operating system. A Gobbles representative told Wired News Friday that the group intends to publish a new version of the program that additionally exploits the Apache flaw on unpatched FreeBSD and NetBSD machines "with a 100 percent success rate." Gobbles said it also has developed, but not publicly released, exploits for the Sun Solaris and Linux operating systems. Officials at Ayaxi, the Moscow firm that developed Putin's site, were not immediately available. According to Netcraft, more than a dozen websites operated by the Russian Federation were also running unpatched versions of Apache. Representatives of the Russian Government Internet Network did not immediately respond to requests for information. Following the release of Gobbles' "Apache-Scalp" program, SecurityFocus.com raised its "ThreatCon Rating" to Level 3, the first time the security information firm has issued such a warning since the Nimda worm hit the Internet last September. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Free $5 Love Reading Risk Free! http://us.click.yahoo.com/3PCXaC/PfREAA/Ey.GAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:33 PDT