Over the past three days, a group known as PoizonB0x has defaced 12 web sites with 'security' in their name. Despite the names, the notion that they are targeting computer security web sites is a bit off based. In looking at their targets, only 2 of them are readily identifiable as computer security specific. While embarassing and amusing, it doesn't necessarily define a trend of targeting computer security companies as some fear.
13/06/2001 -- www.esecurityinc.com
E-Security, Real-Time Security and Awareness Software

When Brian McWilliams of Newsbytes approached the company, he was told the security of their web site is handled by a third party.
  Jim Engineer, a spokesperson for e-Security, said the company's site is
  hosted by an outside vendor, HostPro, Inc., a subsidiary of Micron
  Electronics. All maintenance of the server, including security patches,
  are the responsibility of HostPro, according to Engineer.

  "Obviously, we expect them to be proactive about security measures. We
  are in the process of consolidating this function in house so we can do
  an even better job," said Engineer, who reported that the site is purely
  informational and the defacement did not affect e-Security's partners'
  or customers' information security.
Considering E-Security just closed 20 million in equity financing, one might wonder why they couldn't afford the resources to host their site in home.

13/06/2001 -- www.compasssecurity.com
Hauser Technology Integration, Inc.

As the time of this article, compasssecurity.com is not responding to HTTP requests. Doing a quick search for their name on Google, one can find a little more about Hauser Technology and their COMPASSSecurity product.

http://hausertech.com/biz_solutions.asp
  CompassSecurity ensures that only authorized individuals have access to
  a web- based application.  Where traditional password protection fails,
  CompassSecurity provides positive ID via a hardware "key," user name and
  password. Sensitive materials and services can now be securely accessed
  over private or public networks.
Among the other sites defaced were a security search engine and three companies not readily identifiable as computer security related.

13/06/2001 -- www.security.co.il
(still defaced) Security Industry Search Engine

13/06/2001 -- www.securitycart.com
(still defaced) Security Cart

13/06/2001 -- www.blanketsecurityinc.com
(still defaced) BlanketSecurityInc

13/06/2001 -- www.enterprisesecurity.com
Enterprise Security Systems, Inc.

11/06/2001 -- security.ia.ac.cn
(still defaced)

Five of the sites belonged to companies that install physical security devices such as residential and business alarm systems.

13/06/2001 -- www.nz-security.co.nz
(still defaced) New Zealand Security

13/06/2001 -- www.bicsecurity.com
(still defaced) BIC Security Systems

12/06/2001 -- www.highsecurity.it
Highsecurity

12/06/2001 -- www.aasecurity.com
(still defaced) A&A Security Systems & Services

12/06/2001 -- www.eagle-security.com
Eagle Security Products (Two-Way Audio Alarms)


Mirrors of the PoizonB0x defacements:
http://defaced.alldas.de/defaced.php?attacker=PoizonB0x&p=1

Hacking Group Targets Security Sites
By Brian McWilliams, Special to Newsbytes
http://www.newsbytes.com/news/01/166787.html



---
© 1999, 2000, 2001 Copyright Brian Martin
Permission is granted to quote, reprint or redistribute provided the text is not altered, and the author and attrition.org is credited. The opinions expressed in this text are not necessarily the opinion of all Attrition staff members.

To subscribe to this list, send mail to majordomo@attrition.org with subscribe defaced-commentary in the BODY of the mail.