www.boards.ie defaced

Trojan

<font face="Verdana, Arial" size="2">
Welcome to boards.ie:
Please login:

Username:script_kiddies
Pass:everyone_gets_a_pass

Welcome to Windows NT super dooper dope Operating System
Please use the backdoor to send all bug reports -- Bill Gates

Greetings Professor Falkan.
C:\_

---

To continue to what you wanted, please click here. We do apologise for any disruption.

Suculent Duck: "script kiddies getting the better of you admin?...surely not."

Greetz to Bad Carrilla, Kid B, Ontaro, Scabby, Evil Angelica, Killer Pepe, Ac|dklown, Hackweiser, Little Ca3sar, Diamond Pete Montana, IceDog, TheCP, Pr0phet, The Kemikal Agents, Delta and the Murderous Sound Crew


#hackers_ireland - IRC.DAL.NET 6667
IE defacements
</font>

strat

damn punk kids,
ok Lou, call off the prom !
pfffft fagnint0rts

Trojan

They could have done a lot of damage, considering.

Better forget about current passwords too... don't ever use them again

Al.

root

I guess it was only a matter of time due to boards.ie popularity.Anyone got a mirror ?

root

Just found it...

There is a mirror here on boards.ie at http://www.boards.ie/doh/index.html . Bedlams page at http://www.influence.org/~bedlam/ has quite a few also.
Also a discussion on boards.ie in technology/admin.

Repli

The amount of .ie being defaced lately is disgraceful and it's not going to stop anytime soon. it's all because of stupid NT admins who are too lazy to download the patches for security vulnerabilities. Something should really be done about it.. like perhaps shoot all NT admins...

DeVore

Thats all very well if the admins are being paid to do it.

We're not so its like robbing a not for profit organisation. The time Regi put into locking down the server as best we can *could* have been spent doing something useful for the community (we DO only have limited resources).
In fact it delayed the launch of something else we are working on for the community. but hey, someone somewhere proved something right?

DeVore.

Koopa

glad i dont use my password on boards.ie for anything important

nitr0s

With NTFS, its easy enough to lock down NT.Simple things like, enforcement of strong passwords, seperate logging utilities and programs to monitor changes, restrictions placed on users,files,directories, removing rights..etc will scare away the biggest majority of people who want to break in.I don't think its that hard to secure NT, I know its not "secure by default" like OpenBSD..to say NT is a **** operating system because it isn't, is just a lame excuse for admins not to do their job.Just think about what would help an attacker take over your system and then put the restrictions in place.I don't like lecturing about security as if I know alot on the subject, I'm still a newbie, but I do know its not too hard to lock down NT.

Trojan

<font face="Verdana, Arial" size="2">Originally posted by nitr0s:
but I do know its not too hard to lock down NT.</font>

Cmon, a new CERT adivsory for NT/IIS is out every 5 minutes, and the crackers are the ones letting CERT know about those holes *after* they've exploited them...

It's fine to lock down NT with patches for known exploits, but you can't lock down against someone that only a couple of crackers are aware of. Sure you can minimised damage, but thats not the same thing.

And with Microsofts official policy of the customer base is the QA team, there will be exploits in every release of every product.

Al.



[This message has been edited by Trojan (edited 17-05-2001).]

Snaggle

In fairness, the above applies to OS's besides NT, Linux being an example (especially WRT customer being the Q&A)

Trojan

<font face="Verdana, Arial" size="2">Originally posted by Snaggle:
In fairness, the above applies to OS's besides NT, </font>

Yeah it does, but not *quite* as often maybe. But you're right.

Question is maybe, is shrinkwrapped NT/2K as secure as shrinkwrapped Linux distros? Or is it unfair to compare unpatched OSes?

TBF, I don't think it applies to BSD, or so I've heard...

<font face="Verdana, Arial" size="2">Originally posted by Snaggle:
Linux being an example (especially WRT customer being the Q&A)</font>

Yes, but by agreement, not by force as in the case of the aforementioned monopoly.

Al.

Snaggle

I'm afraid Shrink wrapped Redhat Linux 7.0 was more insecure than shrink wrapped NT/2000, as is the case for every .0 Redhat release in recent memory. I guess it's fair to compare unpatched OSs because hypothetically speaking every fully patched OS should be unhackable to the best of our knowledge

The previous release of FreeBSD (4.2) was disappointingly insecure aswell although 4.3 is going strong at the moment. OpenBSD suffered a few exploits but because they don't run anything but SSH by default, they still maintain their "no remote exploit in the default installation for 3 (?) years" slogan, bit misleading.

On the point of windows being a monopoly (arguable), that's beside the point, it doesn't change the fact that it's still pretty standard for Linux to use the customer as the Q&A, and that Linux does it to a much greater extent than Windows