Do you want to know how Mitnick got defaced?

    Date11 Feb 2003
    CategoryHacks/Cracks
    4149
    Posted ByAnthony Pell
    Do you want to know how Mitnick got defaced? The true story behind the hack. To deface Mitnick's site it was enough to go on your windows desktop, create a new webfolder and name it with www.defensivethinking.com. . . Do you want to know how Mitnick got defaced? The true story behind the hack. To deface Mitnick's site it was enough to go on your windows desktop, create a new webfolder and name it with www.defensivethinking.com.

    On January 30th 2003, hacker BugBear defaced Mitnick's website at DefensiveThinking: http://www.zone-h.org/defaced/2003/01/30/www.defensivethinking.com/hacked.html

    We at Zone-H dug a little bit and discovered how the site was defaced.

    The attacker simply took advantage from the fact that DefensiveThinking administrator forgot to set up the policies for Frontpage extensions.

    To deface Mitnick's site it was enough to go on your windows desktop, create a new webfolder and name it with www.defensivethinking.com. The lack of security set to Frontpage allowed the attacker to view the entire DefensiveThinking websystem as a folder of the attacker windows computer. To deface the webpage it was enough to create an HTML file with the defacement message and drag&drop it into the newly created webfolder. As simple as told.

    This configuration mistake allowed the attacker to view, browse, read all the files in DefensiveThinking's web structure. When Mitnick, interrogated by friends at The Register stated: "The compromised computer is a public system on a network separate from production systems at Defensive Thinking. No customer information was released nor was in danger of being compromised", we really hope it went in that way.

    More on the Permissions Problems with FrontPage Extensions at http://www.ciac.org/ciac/bulletins/k-048.shtml .

    You are not authorised to post comments.

    LinuxSecurity Poll

    What is your favorite LinuxSecurity.com feature?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    17
    radio
    [{"id":"65","title":"Feature articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"66","title":"News","votes":"1","type":"x","order":"2","pct":100,"resources":[]},{"id":"67","title":"HOWTOs","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.