[PIC Defacement Commentary] Careless/clueless admins of some "gov.in" websites

• From: "Project India Cracked" <indiacracked@xxxxxxxxxxx>
• To: pic_defacement_commentary@xxxxxxxxxxxxx
• Date: Fri, 18 Oct 2002 10:31:57 -0400

Hi,

Two high profile sites connected to Indian government has been in the 
defaced state for the last one week and I bet the web admins don't know 
about it. Look at the websites of Andhra Pradesh Technology Services
(www.apts.gov.in) and N.F.Railway H.Q.. They seem normal. However, they 
have been defaced. The difference is that it is not the front page that 
has been defaced. Pages inside the main directory have been defaced and 
still remains in the defaced state as this is being written. Proof - 
www.apts.gov.in/iisadmpwd/fbh.asp and 
www.nfr.railnet.gov.in/msadc/FBH.htm. In case the clueless admins do 
finally know about this defacement (hopefully they will once I send an 
email), they have been mirrored at URls given below.

What is so disturbing is that the defacements used holes that have been 
common knowledge since 1998 or so, the Unauthorized ODBC Data Access 
with RDS and IIS bug and IISADMPWD security hole, two of the things in 
the checklist of things to be removed from a server before it goes 
live - according to Microsoft Security Bulletin.

URLs
----
Mirrored apts.gov.in URL - http://www.zone-
h.org/defaced/2002/10/10/www.apts.gov.in/iisadmpwd/fbh.asp
Mirrored nfr.railnet.gov.in - http://www.zone-
h.org/defaced/2002/10/10/www.apts.gov.in/iisadmpwd/fbh.asp
ODBC Access URL - http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/bulletin/ms98-004.asp
Microsoft Tech Bulletin - 
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/prodtechnol/iis/deploy/depovg/securiis.asp


Regards,
Srijith.K
PIC

¨¨°º©o.,.o©º°¨¨°º©[ Important Notice ]©º°¨¨°º©o.,.o©º°¨¨

This email is being sent to you because you subscribed to the mailing list 
using the email to which this email was sent to. If you want to unsubscribe, 
please send an email to pic_defacement_commentary-request@xxxxxxxxxxxxx with 
'unsubscribe' in the "Subject" field. Yes, the "Subject" field, NOT the body of 
the email.

This is a newsletter styled mailing list. So, you cannot post anything to this 
mailing list. All email sent to the email address of the list will be sent to 
an email blackhole without exception.

Please visit Project India Cracked at http://www.srijith.net/indiacracked
for more information.

¨¨°º©o.,.o©º°¨¨°º©[ /Important Notice ]©º°¨¨°º©o.,.o©º°¨¨

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription