|
|
|
Time To Mirror? The 98FM website was not functioning today. The welcome page announced that it was "off-line temporarily for some crucial mainteanance." It had been cracked a number of times over the last week. The other Irish sites affected recently seemed to have restored their webservice. The problem is that many of these sites did not consider security to be high in the list of their priorities. Apart from www.eircom.net the sites affected recently are all running Microsoft's IIS/4.0. While this is not a death sentence for a website, many installations of Microsoft's IIS are not secured. The scripts that led to the latest cracks have been in circulation for some time. It is believed that a flaw in the installation of the Remote Data Services element of the IIS left the affected sites open. The problem is that many other sites are expected to be vulnerable as well. Time To Mirror? The run of site cracks continued over the weekend with Cork Institute of Technology (www.cit.ie), Softpath (www.softpath.ie) and apparently 98FM being cracked again. The same defaced page (local mirror) appeared on all three sites though there is no independent confirmation on the 98FM crack yet, the site was returning a 404 message for the index page early this morning indicating that the defaced page and the normal root page had apparently been deleted. This time the crack was attributed to eircom, which of course is not the Telco that was cracked on Friday. These sites have one thing in common apart from the obvious. They all use Microsoft IIS 4.0. This seems to be the most frequently cracked webserver though the Eircom.net webservers were running Apache. The disturbing thing is that these new cracks include a link to HackWatch as the place where they get famous. More Sites Affected? More Irish sites were unreachable this morning. 98FM's website was timing out again. Having been cracked at least three times this week (Mirrors of the defaced pages are on these external links: FM104 and r4in), it is possible that this timeout situation is due to the station trying to improve security on its website. The website of RTE, the Irish state broadcaster is also timing out though it is probably a scheduled overhaul as it is believed that some work is being done on the webdesign. In the present situation, all site owners are nervous. Many Irish sites are worried over the high profile cracks on www.eircom.net and www.98fm.ie. Though Eircom's servers were down for six hours, they are now back in service. 98FM seems to be being repeatedly targeted. There is some speculation as to whether the crackers of the Eircom site and the 98FM sites are the same. The defaced pages for the 98FM cracks were very simple HTML. However the Eircom.net one appeared more complex and it included this line "<meta name="GENERATOR" content="Mozilla/4.61 [en] (X11; I; FreeBSD 3.3-RELEASE i386) [Netscape]">" It also appeared to be slagging FM104. Dead Tree Coverage Press coverage of the Eircom crack has been somewhat patchy. The crack meant that Eircom.net's webservices were down for approximately six hours yesterday. It seems that the Irish Times newspaper missed the story completely. It did not even make it into the "Breaking News" section of its electronic edition. The Examiner has covered it with one major glaring mistake. The reporter, John Carroll, managed to misquote an off the record comment as " a lot of people are glad that eircom got hacked as people's phone bills will get mixed up." The exact quote was that "a lot of people are glad that Eircom got cracked for the simple reason that they have phonebills." This character managed to misquote an Off The Record comment and thus had me saying that the billing system would be affected by this crack, which of course is ridiculous since they are separate systems. [The story on the Examiner webpage has since been corrected.] Dead Eire The website for Eircom's ISP has been cracked. Anyone browsing the site at lunch time Friday would have come across the following text: "fm104 str1k3 ag41n" A local mirror of the hacked page available. At 1325 Hrs, the site was pulled. Webservice was returned at approximately 1930 Hrs. This event is quite a blow to the professional image that Eircom is trying to present to the world. It is the first time that a national Irish ISP has been hacked in such a high profile manner. It now appears that all of the virtual servers on Eircom's site have been pulled as a result of this crack. Anyone trying to access www.eircom.net now gets a 403 message which reads "You don't have permission to access /index.html on this server.". Ironically the crackers had no such problems earlier. Dead Air According to a report on www.attrition.org Dublin radio station 98FM's website was cracked yesterday. The following message was left on the site: "HACKED BY FM104 FM104 ARE THE 0NLY STATI0N W0RTHY 0F THE RADI0 WAVEZ N3V3R MIND THE INT3RNET. THIS SITE WAS H4QD JUST T0 SH0W TH4T FM104 ARE IN POWAH 0F THE N3T AND THE RADI0.WE HAVE A M0N0P0LY ON THE MARKET AND WE A1NT G0NNA LET IT G0. H4QD BY FM104" The site is a relatively high profile one and boasts a hit count of over ten million and the crack Apparently the site was, and is running on the Microsoft IIS webserver. Normal webservice has been restored.
|
|
|
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
|
|
Recommended |
|
|
|
|
|
|
|
|
|
