OS Commanding

The interesting report in ZDnet about the cyber war around Kosovo is unique in describing the process. According to the report hacker groups on each side share information in order to make attacks more efficient. Some collect vulnerable web sites, while others use automatic defacement tools to attack.

On the positive side, the report states that at the time of writing, there is a ceasefire and parties are negotiating. Is there room for cyber peace along side cyber war?

This gem is very interesting since it happened on Gentoo servers. It therefore combines transparency into the incident that only an open source project can offer with the importance and resource of a large one. As a result we have a detailed report about the vulnerability, exploit attempts and event people shouting at each other during the patching process.
What can we learn from this? That no server is secure, and that patching is hard.

Additional information:

A command injection vulnerability at 1&1, a large German hosting provider, lead to denial of service and possible home page modification at 30 servers and up to 1700 web sites.

Additional information:

• Server hacked through holes in Confixx management software [Heise Security, Aug 1 2007]

A hacker successfully abuse a vulnerability in Horde to penetrate a site owned by the National Security Agency of the Slovak Republic

Additional information:

• Narodny Bezpecnostny Urad pwn3d (Slovak with Code Snippets [Blackhole.sk, Apr 25 2006]
• National Secret Agency of Slovak Republic [Incidents Mailing List, Apr 26 2006]

Executing local commands using URL parameters

Additional information:

• Inforeading.com Defacement [Personal Site, Dec 15 2000]

Worm used Google to locate sites vulnerable to OS

Additional information:

• Santy worm makes unwelcome visit [BBC, Dec 22 2004]
• Santy worm defaces websites using php bug [Sans Storm Center, Dec 21 2004]

phpBB worm

Additional information:

• PHP Scripts Automated Arbitrary File Inclusion [Vulnerabiliy Publisher's Site, Dec 25 2004]
• New Variant of Santy Worm Spreads [PC World, Dec 27 2004]
• Santy.E worm poses threat to sites badly coded in PHP [Computer World, Dec 27 2004]

Details remain sketchy, but news reports include social engineering, a guessable secret question for password recovery, and a known vulnerability is BEA WebLogic

Additional information:

Sites where defaced by utilizing an issue in an XMLRPC library used by PHP

Additional information:

• Brazilian defacers hack hundreds of Stanford University web sites [Zone-H, Aug 21 2005]

Exploited unpatched Twiki

Additional information:

• Promotional Firefox community site hacked (again) [ARStechnica, Oct 4 2005]
• SpreadFirefox.com Community Website Hacked Once Again [ARStechnica, Oct 4 2005]