Internet Storm Center

Shaylan just wrote us "my website has been taken over" ... "people are using them without my permission".

 He attached a file which is probably collected from his site. It includes a flash animation and redirects to what looks like a Turkish political website. I don't speak turkish, so I am not sure what side/view the site covered. However, the entire episode certainly brought back long subpressed memories about turkish/armenian usenet fights and "hacked by chinese" messages spread by Code Red. Political "hacktivism" has kind of taken a lesser role these days with everybody focusing on making money.

But what are the lesson here?

1. They are still out there. Usually bottom feeding on the scraps left by bots (or using bots to their advantage of course).
2. "Best Practices": Its hard to run a hacker-proof website. But its like anything... a little effort goes a long way and keeps out most of the riff-raff.
3. Shared Servers: Don't use them for business critical web sites. They are fine to run a hobby site from. But for anything else: Get a dedicated system. IMHO, the jury is still out if virtual machines provide enough separation.

Lets see what the weekend brings, but with a bit of luck we will not get flooded by current events and I will find a bit time to discuss web security (or well... if you REALLY want to learm more about web security, see me at RSA early february)
I will be teaching next: Intrusion Detection In-Depth - SANS Cyber Safari 2022