Mass ICQ Hack Has Security Seething

By Wendy McAuliffe, ZDNet (UK)

June 29, 2001 10:37 AM ET

AOL's ICQ servers were hacked on Monday for the second time this year, it was revealed Thursday night.

The ICQ homepage was defaced by the hacking group Innocent Boys, while a separate server, ICQgroup01.icq.com, was simultaneously attacked by the notorious Men in Hack (MiH) crackers, who added a defaced page to the community page.

The free peer-to-peer ICQ software uses the Microsoft IIS Web server. "This has more holes than Swiss cheese," said Mark Read, systems security analyst for computer security company MIS Corporate Defence Solutions. "It seems that Microsoft doesn't understand the terms of bounds checking--I strongly suspect that within the next couple of weeks another hack of this system will be found."

The two main vulnerability exploits of IIS that crackers are targeting at the moment are the index server buffer overflow, for which no official patch has yet been released, and the IIS 5 remote printer overflow, said Read. "Microsoft has released patches for known exploits, but people install servers and don't install the patches or subscribe to any bugtraq mailing lists," he said.

AOL said that the electronic defacement vulnerability was quickly patched, and that no customer details were accessed. But Read argues that it is difficult for AOL to be certain of this. "When you do a search on ICQ, you don't know if this is directing you to another server, or carrying out the search on the screen being defaced where data could be compromised," he said.

On Tuesday, the UK Web site of the fast food chain Burger King was defaced for the third time this year, this time by a cracker operating under the nickname of MrAgent. The flash-enabled site was hacked using a similar IIS buffer-overflow vulnerability.

http://www.zdnet.com/intweek/stories/news/0,4164,2781338,00.html

-- Martin Thompson (mthom1927@aol.com), June 29, 2001

