Sunday, June 19, 2005

The Vulnerabilities of Developing on the Net - Apr 2001

STSC CrossTalk - The Vulnerabilities of Developing on the Net - Apr 2001: "The Vulnerabilities of Developing on the Net"

Disaster has struck. You would think that firewalls, combined with filtering routers, password protection, encryption, and disciplined use of access controls and file permissions would have been enough protection. However, an overlooked flaw in the commercial web server application allowed a hacker to use a buffer overflow attack to leverage the application's privileges into administrator-level access to the server. From there it was easy to gain access to other machines within the Intranet and replace the public Web pages with details of the hack. With the company's public site showing a live video stream of an ongoing internal, private and sensitive company meeting, it left little room for doubt as to how badly they had been hacked.
Post a Comment