Security News > 2000 > November > Website hacked after nine million attempts
[Young Mr. Vranesevich must be taking correspondence courses from the same school that churns out Microsoft spokespeople, Since it was a little more two days over the thirty minutes that Antionline reports that it was offline. -WK] Andrew Craig Oct. 31, 2000 The security information site that was hacked into over the weekend said it was the first successful attack out of nine million previous attempts. As reported by vnunet.com on Monday, a hacker known as n1nor broke into the AntiOnline site, replacing its front page with a messaging boasting about the attack. AntiOnline is a well known target for hackers. AntiOnline has since provided its side of the story in which its founder, John Vranesevich, said the site was only down for 30 minutes and none of its research or internal databases were at risk. "Well, after an estimated nine million hack attempts against our primary domain, www.AntiOnline.com, someone finally managed to deface it," Vranesevich said in a message posted on the AntiOnline site. "We at AntiOnline have enjoyed all that the past nine million hack attempts have taught us about the nature of system intrusion, and look forward to what the next nine million has in store for us," he added. Vranesevich said the vulnerability related to the way its "QuickTips CGI" parsed data fed to it by end users. "With over 65 different CGIs that run our network of sites, we neglected to have this single CGI sub itself to our central parsing scripts which thwart tens of thousands CGI based attacks each week. In other words, "Oops! My fault!"." n1nor, who in the defacement said: "I could have sworn this site was deemed unhackable," was credited by Vranesevich for cracking AntiOnline's defences - which security experts have said are usually very tight. "The dedication and amount of time that you [n1nor] spent discovering and exploiting this vulnerability is as impressive as it is scary," said Vranesevich in his message. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".