Also see; http://www.wired.com/news/politics/0,1283,36170,00.html HWA Press release notice -[ RE-RELEASE Sat May 6th ] *** MAJOR BREAKING NEWS ***************=20 *** TYPO CORRECTED *** HOT HOT HOT! *** *** TYPO CORRECTED *** HOT HOT HOT! *** *** MAJOR BREAKING NEWS *************** This is a kind of big story considering the implications and = proliferation of apache web server (free) on the internet today, there is MORE THAN A DEFACEMENT STORY HERE but it seems the virus story has buried this.- C* MAY 3rd INSIDE THE APACHE.ORG HACK ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Brief; APACHE software is free web server software and a high percentage of the internet runs off this well-known and established software not just because it is free but because it is written by experienced internet programmers. This vulnerability could have held a very large percentage of the www wide open to malicious attack and compromise.... TRUE "CLASSY" HACK, HACKERS BUST ROOT AND DEFACE APACHE.ORG ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.apache.org/ - Currently offline, down most of today. http://www.attrition.org/mirror/attrition/2000/05/03/www.apache.org/ - archive of the defaced site. (Still offline for repairs as of this writing, site has been down most of today (Thurs/Fri)) Brief intro; Hi, I publish a security and hacking ezine that summarizes incidents in an archive format and occasionally am privy to inside information such as the following, I don't normally mail media other than the HNN people (http://www.hackernews.com/) but thisis pretty big and I thought it would be of interest to you. * My site/news ezine can be found at http://welcome.to/HWA.hax0r.news Details; May 3rd: A classy hack: http://www.apache.org was root compromised and defaced in a subtle manner. The site was defaced around 18:37 EST May 3rd 2000 by hackers (*MY EARLIER EMAIL NOTICE STATED Apr 3rd THIS WAS A TYPO) known as "{}" and "Hardbeat" ( {} belongs to Buffer Overflow Security (b0f) a fledgling security group consisting of ex hackers and including people such as mixter who wrote TFN the DDOS distributed attack tool recently brought to light in the media by denial of service attacks on major web sites (b0f site is at http://www.b0f.com) the following url contains an advisory and technically detailed how-we did it paper by {} and hardbeat who worked together on the hack. ** http://www.dataloss.net/papers/how.defaced.apache.org.txt The main page of apache.org was slightly modified to sport a "powered by Microsoft Back Office" banner at the bottom. The intruders contacted apache and it is rumoured one or both were offered jobs with the company although I can confirm nor deny this at present. An interview with {} and hardbeat will be in issue #53 of HWA.hax0r.news which is to be released Sunday night May 7th. This was a classy hack and ended almost like a fairy tale, although tracks were covered and logs cleared, it was decided to alert the apache.org people about the condition and a meeting between the intrucers and apache ensued. Not all defacings go this way, so /kiddies remember it is still very illegal and risky to do this .. be warned. cheers, "Cruciphux" Editor/HWA.hax0r.news Ezine HNN Affiliate/b0f Security IRC (Efnet) #HWA.hax0r.news cruciphux@dok.org