The original article has since been updated to reflect some of what I pointed out.


From: security curmudgeon (jericho@attrition.org)
To: feedback@vnunet.com
Cc: errata submission 
Date: Tue, 23 Oct 2001 09:57:53 -0600 (MDT)
Subject: Taliban defacement article

Sheesh guys...

http://www.vnunet.com/News/1126342

But what has amazed security experts more is the fact that it took so long 
for someone to have a crack at the site.


[What security "experts"? The ones that don't know how to use 'whois' or
 ones you asked for opinion without giving all the facts? Did anyone
 bother to look at when the domain was created?

 DOMAIN CREATED : 2001-09-15 00:00:00

 I don't think I need to remind anyone of 9-11 vs 9-15 here..]

Last night an as yet unheard of defacer going by the name of MaxMouse 
replaced the homepage of Talibanonline.com with images of the American flag 
and the message: "The United States will destroy you! You will pay for this 
you stupid fools!!!"


[Did you consider that 'MaxMouse' may have created the domain?]

Mark Read, network security analyst for MIS, said he wasn't aware of the 
site being defaced in the past, although a sister site, Taleban.com has 
been hit numerous times.


[Well duh? Of course it hasn't been hit in the past. The domain is new.
 And really, is it "taleban" or "taliban" in these domain names, and do
 they really have anything to do with the real thing?]

Read said it was likely that the attacker, who has not claimed any other 
defacements, was probably a script kiddie exploiting one of the holes in 
the IIS 5 webserver.
"But I'm amazed it has taken someone so long to attack that name," he said.
In an ironic twist to the story, it seems that although the site is 
registered to the Afghan National Taliban in Kabul, it is actually hosted 
by a US company called Network Commerce in Seattle, Washington.


[Why is that ironic given the creation date for the domain?]




main page ATTRITION feedback