<a href="http://edition.cnn.com/2003/TECH/internet/07/03/hacker.warnings.ap/index.html">http://edition.cnn.com/2003/TECH/internet/07/03/hacker.warnings.ap/index.html</a><br /><br />A global hacker / cracker contest is rumoured to take place tomorrow, July the 6th. The contest is called Defacers Challenge and has <a href="http://www.defacers-challenge.com">web site of its own</a>. According to CNN, "the Department of Homeland Security said Wednesday it was aware of the hackers' plans but did not expect to issue any formal public warnings. The Chief Information Officers Council, part of the Office of Management and Budget, cautioned U.S. agencies and instructed experts to tighten security at federal Web sites."<br /><br />If you run a web site, I suggest you make sure all the latest security patches and updates have been applied. I recently read from a public security newsgroup the following statement about the contest: "Supposedly its true but don't let that make you think you have to switch your servers off this weekend to be safe or that you don't have to worry about this problem at any other time of the year. Hackers are always with us."<br /><br />While on the subject of security! If you believe you have found a security vulnerability affecting a Microsoft product you can always contact Microsoft Security Response Center either by e-mail ([email protected]) or by filling out this <a href="https://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/alertus.asp">web form</a>.

Just for kicks, I took a look at the site that is organizing this. Ironically, the winner gets something else for everyone to hack:

500mb of hosting
webmail
email forward (limitless)
Domain Name (that YOU choose)

It's almost like awarding a gasoline generator to the Greenpeace effort that causes the most uproar...... :idontthinkso:

Good luck to all sites tomorrow. Be safe. :puppydogeyes:

Don't people have anything better to do? :roll:

While on the subject of security! If you believe you have found a security vulnerability affecting a Microsoft product you can always contact Microsoft Security Response Center either by e-mail ([email protected]) or by filling out this web form (https://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/alertus.asp).

Hah! Good luck with getting anything useful from that.

http://www.pivx.com/larholm/unpatched/

Also see the XBox hackers, which are mislabelled (note: they're still idiots) but did try to get in contact with MS for 2 months.

Besides, this is getting everyone to worry about security right? So it's not like "they don't have anything better to do" they're getting sites to ramp up security. Anyone who gets hacked now is basically due to their own stupidity.

Besides, this is getting everyone to worry about security right? So it's not like "they don't have anything better to do" they're getting sites to ramp up security.
So, you won't mind if I break into your house and make a mess to show you you could do a better job of personal security? :roll:

Great...

Stay tuned for the next episode of script-kiddies-run-amok... :devilboy:

Keep puffing out your chests boys; at the end of the day, you still ain't nothin'

Besides, this is getting everyone to worry about security right? So it's not like "they don't have anything better to do" they're getting sites to ramp up security.
So, you won't mind if I break into your house and make a mess to show you you could do a better job of personal security? :roll:
Bingo! I love the cracker claims that they're just illustrating the lack of security. If they're really so good, why not offer their services as security testers before hacking into a site?

Even if they do hack into a Web site, do they really have to deface it? If their ego requires changing something, instead of a big, gaudy "This site hacked by L00zers" message, they could just put something at the bottom of the page and then notify the Web master of the site. Of course, that's just a matter of degree, like doing a big burglary vs. a small one.

Yes, people without security are pretty foolish, but being foolish should not be taken as an offer to be hacked, just like leaving my front door open should not be taken as consent to steal my belongings.

Steve

I VERY highly doubt that they're doing it to prove that security is a problem (if so, it's just a reason to hack) but nevertheless, this will make sure your securtity on your webserver is up to snuff.

Using the house analogy, if there were a burglar going around in your neighborhood, and he announced he was going to raid everyone's houses on a night, are you going to make sure your house is safe, or are you just going to complain about the criminals?

I VERY highly doubt that they're doing it to prove that security is a problem (if so, it's just a reason to hack) but nevertheless, this will make sure your securtity on your webserver is up to snuff.

If I want to know if my Web server security is good, I'll pay someone to test it. If somebody wants to test it for free, they can ask for permission.

Using the house analogy, if there were a burglar going around in your neighborhood, and he announced he was going to raid everyone's houses on a night, are you going to make sure your house is safe, or are you just going to complain about the criminals?
I'm going to call the cops and have them stake out my neighborhood.

By the way, did you miss where I said people without security are foolish? However, lack of security in no way mitigates criminal behavior. The only reason we have security is because most of us are realistic enough to understand that there are losers out there.

Steve

the purported upcoming hacking events will certainly display an incredible about of hacking ability. despite these guys being a bunch of losers, i must say i admire their skills. the real issue is that they use this skill against innocent organizations. why couldn't these hackers create website amongst themselves and hack each other's? surely coders with their ability can design more secure sites then any mainstream organization, thus more challenge and "fun." the reason the aforementioned will never occured is that hacking is not about the computer work. it is, for all sakes and purposes, an ego trip. you are doing something you should not that will be noticed by all. it is like high tech graffiti in a sense.

The winner gets to choose between the blue or red pill...

Sorry bad joke :)

why couldn't these hackers create website amongst themselves and hack each other's?
After I wrote my last post, I thought of the same thing. After that, I realized that's been done. DefCon has a very similar contest, called Capture the Flag (http://www.shmoo.com/cctf/), where people set up machines on a LAN and you have to hack into them.

Steve

This bunch of losers aren't real hackers. Real hackers have a code. Real hackers have morals and ethics. Real hackers don't do this kind of ****.

The kinds of people that do this are genuine losers with nothing better to do, and I wouldn't worry too much about them.

Also just because there may be an added threat now is a good time to make a full site back up just in case. If you have been putting it off now is a good time to take care of that. Even thought the hacker code of ethics for defacement is supposed to have the hacker back up your site, leave a message of how they broke in, and then just put up something they felt like doing.

There are some really funny/unique stories from Defcon's CTF. They managed to social engineer the password out of the admin of the PC. Then, another time, one team drilled a hole through the wall in order to keep hacking through the night. Then there was the time they stuffed a person in a mainframe, shipped him into the server room, and went from there. Can't remember where I read these stories though.

HA! Looks like the site sponsoring this hackathon has also been defaced. $t0oP1D h@X0r$ - do something productive with your lives :pukeface2:

I presume that y'all know by now that this was essentially nothing more than media hype and paranoia? Web defacing goes on 24/7, 365/year. Nothing special about Sunday. Except that it was a slow news weekend and US media needed another "Evil Internet Threat" story to round out the news. AS IF millions of AOL lusers were going to do anything about this "threat."

Read these URLs quickly in order ... no really, read them if you took special precautions against this "contest" last weekend.

http://www.trusecure.com/knowledge/hypeorhot/2003/defacerschallenge.shtml
http://www.vmyths.com/hoax.cfm?id=279&page=3
http://www.wired.com/news/technology/0,1282,59538,00.html
http://www.wired.com/news/infostructure/0,1377,59556,00.html

P.S.: admins who only make sure their servers (web or otherwise) are patched and secure when some hyped hysteria is carried off by some pseudo-hacker group and some befuddled civil servants sound the alarm ... deserve to have their servers compromised, defaced and crashed. Really. It's a 24/7 responsibility; don't wait for CNET to tell you it's time to update your server. >:|

It would have been so much more interesting if the group hadn't actually mentioned they were going to do this.