I was doing some research today and came across a security vendor whose public web site was defaced. The defacement was buried a couple levels deep so it may have gone unnoticed for a while. I found it by accident. I mis-typed the URL of a file I wanted and presto…there was the defacement. As it turns out this was not the first time. I checked out the Zone-h defacement archives and there was a defacement in the same subdirectory back in the fall of 2006. A quick check of Netcraft shows that the site’s OS / Web Server versions have not changed. Apparently whatever misconfiguration / hole allowed them in back in October allowed them back in again. Or something new came up, it is a Windows 2003 server after all 
The really funny thing is that the uber hackers created the defaced HTML page in……..Word 2000!. That takes some skill right there boys and girls.
I did the responsible thing and called their office, after I laughed my ass off Their response was, Oh Crap. A security company getting p0wnd really isn’t anything to laugh about, getting nailed twice in the same place is grounds for laughter in my book. I have been there myself. One of the sites I maintain uses the Joomla CMS. One Friday afternoon a vulnerability was announced in the calendar module that the site uses. In the wee hours of Sat morning (about 10 hours after the announcement) the site was defaced. My eye was not on the ball that day as I missed the announcement form Secunia about the vulnerability. I paid the price.
Before you start asking, NO….I am not going to disclose the company or the site.
–Chris
Technorati Tags: Defacement, hacked, Secunia, zone-h, joomla, security company, Information Security
Leave a Reply