[HSC-Unix] SECURITY NOTIFICATION 2003-7-1

Petrie, John F., III PETRIE at uthscsa.edu
Thu Jul 3 10:17:42 CDT 2003 

SECURITY NOTIFICATION 2003-7-1

*** Web defacement challenge scheduled for July 6, 2003 *** 

 

Summary 

 

This notification is an action message for all Web Masters and System
Administrators. 

 

TSRs: Please ensure that your Departmental Web Master and System
Administrators receive a copy of this notification.

 

The New York State Office of Cyber Security has notified the Information
Security community that hacker groups have scheduled a web site defacement
challenge for July 6, 2003.  

 

All publicly accessible web sites, on all platforms (unix, wintel, etc) will
be at risk.

 

The following extract is provided from the original notification.

 

QUOTE

DESCRIPTION:

 

The aim of this competition is for the winning team to deface 6,000 web
sites in 6 hours.  We have learned that some reconnaissance scanning, which
seeks to identify vulnerable web sites, may have already begun. CSCIC will
post additional details as they become available.

 

SOLUTION/WORKAROUND:

 

CSCIC recommends the following preventative measures:

 

- Ensure default passwords are changed. This should include web servers and
any other servers (e.g. database servers) that the web server has a trusted
relationship with.

- Remove sample applications (CGI scripts, Active Server Pages, etc.) that
are not being used from production web servers.

- Lock down Microsoft Front Page Extensions.  By default Front Page
Extensions are installed such that everyone can use them to author web pages
even through proxy servers. Note that this also applies to Front Page
Extensions installed on Unix platforms.

- Turn web server logging on. Logs are essential to determining how a
defacement was accomplished so a recurrence can be prevented. Preferably
extended log format should be enabled.

- Ensure you have a current backup of your web server. In the event of a
defacement, a good backup is essential to timely remediation.

- Apply the latest security patches for your web server and underlying
operating system after appropriate testing.

ENDQUOTE

 

The Information Security Office strongly recommends that all Web Masters and
System Administrators review their respective systems and sites to ensure
that preventative measures have been taken.

 

If you have specific questions or need additional information, you can
contact the Information Security Office at: 

 

Website: http://infosec.uthscsa.edu/ 

Hotline: 210-567-5900 

Email: Security-Questions at uthscsa.edu

 

John Petrie, CBM, CISSP, CHSP

Chief Information Security Officer

The University of Texas

Health Science Center at San Antonio

7703 Floyd Curl Drive

San Antonio, TX 78229-3900

v: 210-567-0652

f: 210-567-2204

p: 877-379-0947

petrie at uthscsa.edu <mailto:petrie at uthscsa.edu> 

--------------------------------------------------------------------------

CONFIDENTIALITY STATEMENT

The information in this email may be confidential and/or privileged. This
email is intended to be reviewed by only the individual or organization
named above. If you are not the intended recipient or an authorized
representative of the intended recipient, you are hereby notified that any
review, dissemination or copying of this email and its attachments, if any,
or the information contained herein is prohibited. If you have received this
email in error, please immediately notify the sender by return email and
delete this email from your system. 

------------------------------------------------------------------------

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://biochem.uthscsa.edu/pipermail/hsc-unix/attachments/20030703/2446de18/attachment-0002.htm

More information about the HSC-Unix mailing list