In the early hours of Friday morning (Jul 13), a defacer known as "Fluffi
Bunni" defaced the website of SANS (www.sans.org). As of this posting (Jul
14, 5am MDT) the site is still not responding. On the defacement, it asks
"would you really trust these guys to teach you security?"
According to their website:
The SANS (System Administration, Networking, and Security) Institute is a
cooperative research and education organization through which more than
96,000 system administrators, security professionals, and network
administrators share the lessons they are learning and find solutions to
the challenges they face. SANS was founded in 1989.
SANS is well known for providing security seminars and training to
administrators and security consultants around the world. SANS training
and seminars often cost upwards of $1,000US and cover all aspects of
security including server hardening, intrusion detection,
computer forensics, firewall installation and incident response.
It will be interesting to see if SANS can use their own forensic skills to
track down "Fluffi Bunni". =)
For those interested in hearing more about SANS and security, you can
subscribe to their newsletter by sending a note to firstname.lastname@example.org and
requesting a subscription. Beware, a couple years ago, an unknown hacker
compromised machines on the SANS network and sent out an insulting (and
amusing) spoof newsletter to their entire subscriber base.
Screenshot of the SANS defacement.
Some enlightening words from SANS:
A few software vulnerabilities account for the majority of successful
attacks because attackers are opportunistic taking the easiest and most
convenient route. They exploit the best-known flaws with the most
effective and widely available attack tools. They count on organizations
not fixing the problems, and they often attack indiscriminately, by
scanning the Internet for vulnerable systems.
"SANS offers the world's premier security conference, with unparalleled
opportunities for education, collaboration and networking."
-- Richard Bejtlich, AFCERT
"There is no equal to the information given at SANS."
-- Tim Carrier, Management Science Associates
© 1999, 2000, 2001 Copyright Brian Martin
Permission is granted to quote, reprint or redistribute provided the text is not
altered, and the author and attrition.org is credited. The opinions expressed
in this text are not necessarily the opinion of all Attrition staff members.
To subscribe to this list, send mail to email@example.com with
subscribe defaced-commentary in the BODY of the mail.