Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
FAA Confirms Hack Attack
Kevin Poulsen, SecurityFocus 2002-04-25

Self-styled patriotic intruders deface a government airline security site and download a detailed screener database. Their proclaimed mission: saving the U.S. from foreign cyber terrorists.

Comments Mode:
Access? 2002-04-26
Anonymous (2 replies)
I'm not sure which is more disturbing, the fact that the FAA's security got breached, or the fact that they're using Microsoft Access, the most unstable database known to man. ;)

...

[ more ]  [ reply ]
Access? 2002-04-27
Anonymous
I believe the CompSec Czar said it best that any company that doesnt put forward the necessary needs for security deserves to be hacked- or a variation of the sorts....

[ more ]  [ reply ]
Access? 2002-04-29
Anonymous
Not to meantion insecure. :/...

[ more ]  [ reply ]
FAA Confirms Hack Attack 2002-04-29
b0iler (1 replies)
Talk about poor security practice. I'd say keep your http server completely seperate from anything holding sensitive info. If it's absolutely needed for http then atleast have other security measures in place (encryption purhaps)....

[ more ]  [ reply ]
FAA Confirms Hack Attack 2002-04-30
Liran
Yes , you are right.

you should TOTALLY seperate the front end servers from the Backoffice servers and data center. a well known solution might be the GAP technology solutions.

i.e. NetGAP appliances...

[ more ]  [ reply ]
FAA Confirms Hack Attack 2002-04-30
Hamster1 (1 replies)
I don't think the motives of the "Deceptive Duo" are perfectly altruistic, but they should not be the focus

of the topic of "network security". The fact is they exposed some very sloppy configuration of an important

entity's network, the F.A.A. This in itself confirms to me that many Gov. entities...

[ more ]  [ reply ]
FAA Confirms Hack Attack 2002-04-30
Anonymous
Looks like an inside job.......

[ more ]  [ reply ]
FAA Confirms Hack Attack 2002-04-30
SyS64738 www.zone-h.org admin
I think that we should all stop to evaluate the Deceptive Duo's act under the pure techical means. It is not important at all what database was used to store those informations. What is important is that if a terrorist would have hacked the same FAA server, he could get the same infos as TDD got. It...

[ more ]  [ reply ]
FAA Confirms Hack Attack 2002-05-01
abolfathi
this topic was a great example that hight profile sites can be a good victim for hackers...

[ more ]  [ reply ]
FAA Confirms Hack Attack 2002-05-01
Anonymous
I don't know why high-risk entities even host thier own site, If I was the administrator at agencies such as the FAA, step 1 would be an off-site hosting solution. Step 2 IDS infront of internet router, Network IDS internal, and encrpyption all the way. Not like they dont have the $$....

[ more ]  [ reply ]
FAA Confirms Hack Attack 2002-05-02
Anonymous
The most disturbing part of the whole situation is the fact that the ego's of the 'suits' are so bruised, they worry more about prosecuting and saving face than ACCEPTING AND RESOLVING THE _REAL_ ISSUES!...

[ more ]  [ reply ]
FAA Confirms Hack Attack 2002-05-06
Koertsch
Which Desktop Theme do those guys use? It's nice!...

[ more ]  [ reply ]
FAA Confirms Hack Attack-Downplay?? 2002-05-07
Anon
It seems that each of the entities that TDD hit have spent more time downplaying the sensitivity of the information accessed instead of addressing the actual issue at hand, which is insecurity of the breached systems.

On a side note...Most companies have to pay for this type of security testing...

[ more ]  [ reply ]
FAA Confirms Hack Attack 2002-05-07
Anonymous
Totally! I was sitting here, reading...and I had to re-read it again. Access? Huh?

I'll never fly again....

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus