Administrators watch out: "Chaos" is about to ensue
The Chaos Communication Camp hasn't even started yet and the first "hacked" web pages have already appeared in the "Hall of Shame". There is usually an increased number of such activities during the German Chaos Computer Club's summer camp as well as during their end of year congress.
For example, during the 21st Chaos Communication Congress in 2004, about 18,000 web sites suffered intrusions, a scale of activities that even caused the German state office of criminal investigation, Landeskriminalamt (LKA), to get involved, and has sparked discussions about hacker ethics. During events of this kind, administrators should check more often than usual whether geeks have wreaked havoc on their web pages. The camp officially starts tomorrow, Wednesday 8. August.
The list on the CCC web site currently contains three holes: An SQL injection hole in an online hardware store allowed a "Leet HaX0r tool" and picture to be added to the list of available tools. In addition, the web servers of two minor ISPs have directory traversing vulnerabilities which allow unauthorised file access, for example to /etc/passwd.
- Hacked, list of compromised servers