[ISN] Security organisation's Web site hacked

[InfoSec News]

http://news.zdnet.co.uk/0,39020330,39185308,00.htm

Dan Ilett
ZDNet UK
January 24, 2005

The Information Systems Security Association's UK Web site [1] was
defaced earlier this month after a server upgrade

The UK arm of the Information Systems Security Association (ISSA) has
admitted its Web site was hacked into and defaced earlier this month.
  
The organisation's Web site, which has the logo "the global voice of
the information security profession", was hacked after its server was
upgraded.

"In mid-December we switched to a different server and upgraded the
software," said Richard Starnes, president of the ISSA UK. "In the
patching process, some of the patches were missed. The Web site was
subsequently hacked. We took the Web site down, removed the
vulnerability, audited the Web site and reported it to the proper
authorities."

The ISSA UK Web site, which is sponsored by security companies Sophos,
(ISC)2 and Websense, was hacked on January 7th, Starnes confirmed.

According to a report on a hacking Web site [2], a hacker dubbed
iskorpitx penetrated and defaced the ISSA Web site on January 7th at
19:39. The mirror image of the defacement hack showed large pictures
of the Turkish flag and a message saying "HACKED By iSKORPiTX (Turkish
Hacker)". The browser is then diverted to another Web site, which
displays a large photo of dolphins.

The ISSA board in the US includes representatives from Dell, Forrester 
Research and Symantec. The ISSA says it is the largest international 
not-for-profit association specifically for information security 
professionals. 
 
[1] http://www.issa-uk.org/
[2] http://www.zone-h.org/