Crackle (OP)
Junior Member
Joined: Feb 2003
Posts: 7
Previously undiscovered flaw used to attack Army Web site.

A computer intruder armed with a secret, particularly effective attack tool recently took control of an Army Web server, MSNBC.com has learned. Both Microsoft and the CERT Coordination Center released hastily-prepared warnings about the vulnerability that led to the attack on Monday. But it was a disturbingly successful attack, experts say, because the intruder found and exploited a flaw that took security researchers completely by surprise.

IT'S UNKNOWN WHAT Army computer was attacked, how significant a target it was, or what the intruder's intentions were. But the exploit was sophisticated and well designed, and it was alarmingly successful, said Russ Cooper, security researcher for TruSecure Corp. The company learned of the attack through sources in the U.S. military last Tuesday, Cooper said.
"We believe the Army was being targeted," Cooper said. "We don't believe anybody else has been targeted by this."

Another source told MSNBC.com that several Web sites with ".mil" domain names have recently been targeted with the same attack method.

Microsoft's director of security assurance, Steve Lipner, confirmed that several customers were hit with the attack last week, but he refused to identify them.

(MSNBC is a Microsoft - NBC joint venture.)

Lipner said about 100 employees worked "around the clock" last week, and through the weekend, to develop an emergency fix.

Calls to the U.S. Army's press office weren't immediately returned.

While the timing of the revelation could raise suggestions that the attack might be connected to the potential armed conflict between the United States and Iraq, there is no reason to connect the two events, Cooper said.

The flaw was made worse by the fact it took computer security experts by surprise. Most of the time, software vulnerabilities are discovered by researchers, who publish them and give computer administrators time to defend against the flaw. But this time, the "bad guys" knew about it first -- leaving any computer helpless to the attack.

"Having attacks reported to us where there's a vulnerability for which there isn't a patch is very unusual," Lipner said.

In the computer security world, such secret vulnerabilities are called "zero-day exploits." It's been at least a year since a significant zero-day exploit was revealed, said Chris Rouland, director of Internet Security Systems' X-Force research team. Because hackers have the upper hand in this vulnerability, "this has a very high degree of urgency," Rouland said.

The flaw allows an attacker to break into computers running Microsoft's Windows 2000 operating system and Microsoft's Internet Information Service Web server product -- probably the most popular configuration for Web servers running Microsoft software, Rouland said. All machines are vulnerable by default.

Administrators are advised to immediately install a patch that was quickly developed by Microsoft. It is available for free at the company's Web site.

CERT's warning about the flaw is sober. "Any attacker who can reach a vulnerable Web server can gain complete control of the system," it says. "Note that this may be significantly more serious than a simple 'Web defacement.'"

Shawn Hernan, Vulnerability Handling Team leader for CERT, described the problem as a "first-class vulnerability" because it allows attackers to take control of a machine from anywhere on the Internet. He said there were "rumors circulating" that it had already been used to attack computers, but "we wouldn't comment on that."

The most intriguing part of the attack is that its developer chose to use it to break into U.S. military computers. Also intriguing was a cryptic message left on the attacked computer that read "Welcome to the Unicorn beachhead," Cooper said.

"I think whoever discovered it had an intent in mind," he said. "If they just wanted to deface a Web site, they would have done that to the first box they found. But they were doing network mapping. They found a weak link somewhere, and wanted to get deeper inside by continuing to probe."

Full Story

Lata,
Crackle

Member
Joined: Sep 2002
Posts: 129
WoW...

(Damn that must be complicated)


*ZmaJL*
