Security News > 2001 > June > European 'safer Internet' site hit by hackers
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO61171,00.html.html By JORIS EVERS IDG NEWS SERVICE June 07, 2001 Hackers embarrassed the European Commission this week by identifying and exploiting two security holes on a new commission-sponsored Web site that promotes safer use of the Internet. One of the holes allowed the hackers to get administrator privileges on the server that powers the Safer Internet Exchange site, according to a security analyst who asked not to be identified. The other flaw involved an e-mail distribution list that was left unsecured, allowing intruders to retrieve the names and e-mail addresses of the people on the list. Tara Morris, project manager for the Web site and a consultant at Birmingham, England-based Ecotec Research and Consulting Ltd., said the two holes were both plugged yesterday morning. The incident is still being investigated, he added, while declining to detail how deeply the hackers were able to penetrate the affected server. Morris didn't specify the security flaw that provided access to the e-mail distribution list, which has about 600 subscribers. He said the other hole was linked to a known vulnerability in Microsoft Corp.'s Index Server software, which provides the behind-the-scenes functionality needed to do searches of Web sites that are powered by Windows-based servers. The Safer Internet Exchange site was officially launched last month by the Brussels-based commission, which functions as the executive body of the 15-member European Union. The Web site is part of a broad campaign to make the Internet safer for European citizens and businesses, and Morris said it's specifically aimed at helping to eradicate illegal and harmful Internet content. The disclosure of the security flaws came just one day after the European Commission said it has started developing an antihacking law as part of a series of proposals that are meant to increase the level of information security in the region. Other steps being considered include the creation of a central virus-fighting unit and increased cooperation among national computer emergency response teams in different countries. ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribe () SecurityFocus com
News URL
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO61171,00.html.html