Linux Today: Linux News On Internet Time.
LinuxFreak: Cyber Citizen lands Felony

Aug 20, 2001, 14:16

[ Thanks to gh0ul for this link. ] Readers here and around the web have advocated a variety of "white hat" approaches to dealing with Code Red infected machines. This story, though not dealing with Code Red, illustrates some of the perils that can come from seemingly innocuous attempts to help. As one reader has pointed out already, it's also worthwhile to examine the documents provided in this article and get a better sense of balance than the article itself provides:

"A good deed may lead to prosecution for Brian K. West, a 24 year old sales and support employee for an internet service provider in SE Oklahoma. Mr. West has become a statistic for the Computer Analysis Response Team because he alerted a local business to a serious security flaw in their website.

On February 1, 2000, one of West's co-workers created a banner advertisement to be placed on the Poteau Daily News website as part of a legitimate advertising campaign for his employer. To test how the finished ad would look on the site, West clicked the 'Edit' button on Microsoft's Internet Explorer. This action brought up Microsoft FrontPage and should have created a local copy of the web page, allowing West to do a mock-up of the site on his own computer.

In this case, however, Microsoft FrontPage displayed some unusual files due to a server misconfiguration. After some confusion, West realized that the webserver hosting the Poteau Daily News site required no authentication to edit any file on the site. The lack of authentication meant that anyone could edit the Poteau Daily News website by using FrontPage, without ever having to provide a password. Clearly, this was a massive security hole."