Meghekkelték az Apache.orgot
A támadás deface akció volt (lecserélték a bejelentkező honlapot). A támadás leírását itt a hwsw.hu-n olvashatjátok, de csak holnap. Addig itt a bevezetője a leírásnak:
How we defaced www.apache.org by {} and Hardbeat /* * Before you start reading */ This paper does _not_ uncover any new vulnerabilities. It points out common (and slightly less common) configuration errors, which even the people at apache.org made. This is a general warning. Learn from it. Fix your systems, so we won't have to :) /* * introduction */ This paper describes how, over the course of a week, we succeeded in getting root access to the machine running www.apache.org, and changed the main page to show a 'Powered by Microsoft BackOffice' logo instead of the default 'Powered by Apache' logo (the feather). No other changes were made, except to prevent other (possibly malicious) people getting in.
A hekkelés nem az Apache szerver biztonsági hibáját használta ki, hanem egy hibás konfigot.
How we defaced www.apache.org by {} and Hardbeat /* * Before you start reading */ This paper does _not_ uncover any new vulnerabilities. It points out common (and slightly less common) configuration errors, which even the people at apache.org made. This is a general warning. Learn from it. Fix your systems, so we won't have to :) /* * introduction */ This paper describes how, over the course of a week, we succeeded in getting root access to the machine running www.apache.org, and changed the main page to show a 'Powered by Microsoft BackOffice' logo instead of the default 'Powered by Apache' logo (the feather). No other changes were made, except to prevent other (possibly malicious) people getting in.
A hekkelés nem az Apache szerver biztonsági hibáját használta ki, hanem egy hibás konfigot.