
| Subject: | [ISN] Provo patching security after hackers sack site |
|---|---|
| Date: | Thu, 17 Nov 2005 01:25:48 -0600 (CST) |

http://www.harktheherald.com/modules.php?op=modload&name=News&file=article&sid=68932

Rashae Ophus Johnson
DAILY HERALD
November 16, 2005

It posed more of a nuisance than a security hazard when someone hacked into Provo's city Web site Saturday, but it prompted renewed vigilance in patching vulnerabilities elsewhere on the city network.

"We didn't feel like we were much of a target -- why would anyone want to hack into the Provo city Web site?" said Robert Ridge, director of information systems. "Now that it's happened, I guess it's a higher priority than we thought."

The city's Web server is not connected to any computers with access to private information such as personnel files, Ridge said.

Technology staff traced the breach to an old version of the Samba software program that never was removed from that computer after the city quit using it. When the vendor released notification of a vulnerability and offered a "patch," city technology staff didn't know Samba still lingered on the one server and thus overlooked the warning.

Hackers write programs that crawl the Internet, searching for systems with newly publicized vulnerabilities, and one such person -- apparently a subscriber of a high-speed cable provider in Canada -- infiltrated Provo's site Saturday morning.

"This is a constant cat-and-mouse game," Ridge said. "It's always a race to whether they find the vulnerability and exploit it first, or we patch it first."

The hacker replaced Provo's Web pages with different pages and posted a sarcastic message of something like, "So sorry, you've been hacked." City technology staff spent a few hours reverting the pages back to the originals, and www.provo.org was operating properly again by 4 p.m. Saturday.

"It was purely a nuisance. They got no information or other gain. They didn't leave their name so they didn't even get any notoriety," Ridge said. "All they did is deny the people of Provo and the people of the world access to our Web site."

Ridge said Provo city's servers don't store much private information beyond some personnel records, but his staff still is scouring the servers for other possible breaches.

"This has been kind of a wake-up call, and now we think we know of other things we can do to strengthen our security," Ridge said. With no resulting damage, "I guess in a way they did us a favor in making us be more vigilant."