[ISN] Provo patching security after hackers sack site

InfoSec News isn at c4i.org
Thu Nov 17 02:25:48 EST 2005


http://www.harktheherald.com/modules.php?op=modload&name=News&file=article&sid=68932

Rashae Ophus Johnson 
DAILY HERALD
November 16, 2005 

It posed more of a nuisance than a security hazard when someone hacked
into Provo's city Web site Saturday, but it prompted renewed vigilance
in patching vulnerabilities elsewhere on the city network.

"We didn't feel like we were much of a target -- why would anyone want
to hack into the Provo city Web site?" said Robert Ridge, director of
information systems. "Now that it's happened, I guess it's a higher
priority than we thought."

The city's Web server is not connected to any computers with access to
private information such as personnel files, Ridge said. Technology
staff traced the breach to an old version of the Samba software
program that never was removed from that computer after the city quit
using it. When the vendor released notification of a vulnerability and
offered a "patch," city technology staff didn't know Samba still
lingered on the one server and thus overlooked the warning.

Hackers write programs that crawl the Internet, searching for systems
with newly publicized vulnerabilities, and one such person --
apparently a subscriber of a high-speed cable provider in Canada --
infiltrated Provo's site Saturday morning.

"This is a constant cat-and-mouse game," Ridge said. "It's always a
race to whether they find the vulnerability and exploit it first, or
we patch it first."

The hacker replaced Provo's Web pages with different pages and posted
a sarcastic message of something like, "So sorry, you've been hacked."

City technology staff spent a few hours reverting the pages back to
the originals, and www.provo.org was operating properly again by 4
p.m. Saturday.

"It was purely a nuisance. They got no information or other gain. They
didn't leave their name so they didn't even get any notoriety," Ridge
said. "All they did is deny the people of Provo and the people of the
world access to our Web site."

Ridge said Provo city's servers don't store much private information
beyond some personnel records, but his staff still is scouring the
servers for other possible breaches.

"This has been kind of a wake-up call, and now we think we know of
other things we can do to strengthen our security," Ridge said. With
no resulting damage, "I guess in a way they did us a favor in making
us be more vigilant."





More information about the ISN mailing list