Hackers Pounce On New Telnet Hole found on most Unix systems
A newly discovered vulnerability affecting many UNIX-based computers is providing fertile ground for Web site attackers. Since a buffer overflow bug in the Telnet program shipped with most operating systems built on code from Berkeley Software Design Inc. was publicized last week, hundreds of Web sites running the operating system have been defaced.
On Tuesday, a pro-Israeli hacking group called "m0sad" was able to compromise a server running the FreeBSD operating system at Palnet Communications Limited, a Web hosting firm in Jerusalem. M0sad defaced 200 Web sites hosted by Palnet, replacing the sites' home page with one of their own, which read "Remember Arafat's crimes" and included photos of 137 people whom the attackers said were "victims of the Arab terror since October 2000.
Hackers Pounce On New Telnet Hole
By Brian McWilliams, Newsbytes
JERUSALEM, ISRAEL,
.
Palnet officials could not be reached to confirm whether the attackers exploited the new Telnet vulnerability.
Prior to the Palnet defacement, m0sad had almost exclusively targeted servers running Windows for its defacements, according to records maintained by the Alldas.de defacement archive.
The Computer Emergency Response Team (CERT) Tuesday issued an advisory about the Telnet vulnerability. According to CERT, all versions of the BSDI operating system are exploitable, as are all released versions of FreeBSD.
Information about the Telnet vulnerability was posted to several security mailing lists on July 18 by a group of network security enthusiasts called Teso.
Today, a hacking crew called LatexGirl defaced 10 sites hosted by Zoku.net of British Columbia. A port scan of the server revealed it is running FreeBSD and has its Telnet port open.