From: pjb@ny.ubs.com
To: cypherpunks@toad.com
Message Hash: 60b83fadb7ec4e34e4f7e22c0700159c5576fcd907088e58167186f4a5c84174
Message ID: <199610081346.JAA09181@sherry.ny.ubs.com>
Reply To: N/A
UTC Datetime: 1996-10-08 18:29:51 UTC
Raw Date: Wed, 9 Oct 1996 02:29:51 +0800
From: pjb@ny.ubs.com
Date: Wed, 9 Oct 1996 02:29:51 +0800
To: cypherpunks@toad.com
Subject: Recent Web site cracks
Message-ID: <199610081346.JAA09181@sherry.ny.ubs.com>
MIME-Version: 1.0
Content-Type: text/plain

The recent cracks of the DOJ, CIA and Dole web sites have caused me to think
about just what is going on here.

Do you suppose that these entries were made via the httpd route, maybe via
cgi-bin, or just a straight telnet-type entry to the server? I don't know
what operating systems were involved with these three systems, or even if it
was the same in all cases. I expect that there have been other such break-ins
that we have not heard about.

The speed with which the attacks are made, and the completeness of the hack
seem to indicate that someone knows something.

As a long-time Unix Sys Admin, I am aware that most security holes are due
to piss-poor administration, with a few system holes that may be exploited
by the reasonably sophisticated, but I am not aware of any glaring holes in
the httpd code. I suppose it's stupid of me to think this, but I would have
thought that these three sites in particular would have cleaned up their act
in this respect.

I suppose that it is possible that there is a route back, through the browser,
but this doesn't seem very likely, even with a thoroughly hacked, custom browser.

Does anyone have any ideas about these attacks, how and where the entry was
made, which operating systems were involved, etc.?

Cheers,
-paul