Security organisation's Web site hacked

January 24, 2005

By Dan Ilett, ZDNet UK

http://news.zdnet.co.uk/0,39020330,39185308,00.htm



The Information Systems Security Association's UK Web site [1] was defaced earlier this month after a server upgrade

The UK arm of the Information Systems Security Association (ISSA) has admitted its Web site was hacked into and defaced earlier this month.

The organisation's Web site, which has the logo "the global voice of the information security profession", was hacked after its server was upgraded.

"In mid-December we switched to a different server and upgraded the software," said Richard Starnes, president of the ISSA UK. "In the patching process, some of the patches were missed. The Web site was subsequently hacked. We took the Web site down, removed the vulnerability, audited the Web site and reported it to the proper authorities."

The ISSA UK Web site, which is sponsored by security companies Sophos, (ISC)2 and Websense, was hacked on January 7th, Starnes confirmed.

According to a report on a hacking Web site [2], a hacker dubbed iskorpitx penetrated and defaced the ISSA Web site on January 7th at 19:39. The mirror image of the defacement hack showed large pictures of the Turkish flag and a message saying "HACKED By iSKORPiTX (Turkish Hacker)". The browser is then diverted to another Web site, which displays a large photo of dolphins.

The ISSA board in the US includes representatives from Dell, Forrester Research and Symantec. The ISSA says it is the largest international not-for-profit association specifically for information security professionals.

[1] http://www.issa-uk.org/


main page ATTRITION feedback