The notion of retaliatory attacks was panned by security analysts and network operators, who say such actions would congest networks, damage innocent parties and violate acceptable use policies - if not the law. Such tactics are unlikely avenues for corporate DDoS victims such as Microsoft or The SCO Group.
But they may be of interest to subjects of "DDoS blackmail" schemes, which in recent months have targeted online gambling sites. Several online casinos have admitted making payments to cyber-extortionists. Some who have refused to pay, including the Irish bookmaker Paddy Power, say their operations were subsequently disrupted by DDoS attacks.
The California Security Breach Information Act (full text here), which took effect on July 1, requires companies with customers in California to notify them whenever their personal information may have been compromised. "You want to make sure there's full and complete disclosure as required by law," Allegiance spokesman Jerry Ostergaard told Security Focus, which first reported the incident.
The exploit affects a feature in WebHost Manager through which resellers can let their users retrieve lost or forgotten passwords via email. The setting, found in WebHost Manager in the "Tweak Settings" section, "is built into all compiled cPanel binaries and as such can not be patched," according to an advisory on the BugTraq mailing list, which includes instructions on addressing the vulnerability.
cPanel is found on about 1.4 million hostnames worldwide. The software is widely used by many large hosting companies, especially those offering dedicated servers. Its user-friendly interface automates many elements of web site management for resellers and customers. The issue affects versions up to 9.1.0 build 34. All builds released after that have been fixed.
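As an added example (not cPanel's own tooling or anything from the advisory), here is how a hosting operator could triage an inventory of cPanel servers against the cut-off the article gives: releases up to 9.1.0 build 34 are affected, every later build is fixed. The version-string format and the host inventory are constructed assumptions; the only page-derived fact is the cut-off tuple.

```python
import re
from typing import Dict, List, Optional, Tuple

# Cut-off taken from the article: up to and including 9.1.0 build 34 is affected.
LAST_AFFECTED = (9, 1, 0, 34)

# Assumed version-string shapes: "9.1.0 build 34", "9.1.0-34", or a bare "9.1.0".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)\s*(?:build\s*|-)?(\d+)?\s*$", re.IGNORECASE
)


def parse_cpanel_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Turn a version string into a sortable (major, minor, patch, build) tuple.
    A missing build number counts as build 0, so '9.1.0' sorts before
    '9.1.0 build 1'. Returns None for anything the pattern does not recognise."""
    match = _VERSION_RE.match(text)
    if not match:
        return None
    major, minor, patch, build = match.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def is_affected(version_text: str) -> Optional[bool]:
    """True if the version is at or below the last affected build, False if it
    is newer, None if the string could not be parsed (needs manual review)."""
    parsed = parse_cpanel_version(version_text)
    if parsed is None:
        return None
    return parsed <= LAST_AFFECTED


def audit_hosts(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Sort a {hostname: version string} inventory into action buckets."""
    report: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, version in inventory.items():
        status = is_affected(version)
        if status is None:
            report["unknown"].append(host)
        elif status:
            report["affected"].append(host)
        else:
            report["fixed"].append(host)
    for bucket in report.values():
        bucket.sort()
    return report


# Constructed inventory: hostnames and version strings are made up for the example.
SAMPLE_INVENTORY = {
    "web1.example.net": "9.1.0 build 34",   # last affected build
    "web2.example.net": "9.1.0 build 35",   # first fixed build
    "web3.example.net": "9.2.0 build 2",
    "web4.example.net": "8.9.0 build 112",  # older release, still affected
    "web5.example.net": "unknown",          # unparseable, flagged for review
}

if __name__ == "__main__":
    for bucket, hosts in audit_hosts(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The comparison is a plain tuple comparison, which is why the build number must be the fourth element rather than a separate check: a later release with a lower build number (9.2.0 build 2) still sorts above 9.1.0 build 34.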
With its huge customer base and reseller network, Go Daddy is positioned to make a sudden impact in the SSL market, where the vast majority of certificates are issued by three companies - VeriSign (which also owns Thawte), GeoTrust and The Comodo Group. "We're looking to become a major player in this particular industry," Go Daddy President and CEO Bob Parsons said in an interview yesterday. "We've spent about a year preparing for this."
The GoDaddy certificates are priced at $89.95, well below comparable products from GeoTrust ($149 a year) and VeriSign ($199 to $349 a year and up). Comodo's Pro SSL certificate sells for $69, but differs slightly from the others in that it relies upon a "chained" root owned by a third party, BeTrusted.
This trend bears watching, as the presence of an SSL certificate was initially touted by consumer protection groups as a way to differentiate between scams and legitimate sites. The U.S. Federal Trade Commission, for example, offered this advice to consumers concerned about phishing: "Before submitting financial information through a Web site, look for the 'lock' icon on the browser's status bar. It signals that your information is secure during transmission."
But security professionals are focused on the limitations of SSL in the wake of a recent scam targeting Earthlink users (mentioned near the bottom of this story) which employed an SSL certificate so the bogus page displayed the lock icon. In this case, the certificate appeared legit because it matched the URL of the fake page mimicking the Earthlink web site, but had no connection to Earthlink. Visitors would only detect the deception if they reviewed the certificate.
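The Earthlink case above turns on two questions that users tend to conflate: whether the certificate matches the host in the address bar (which is all the lock icon asserts) and whether that host belongs to the brand the page imitates. The following added example, which is not from the article or from any browser's code, separates the two checks. The certificate dict imitates the layout returned by Python's `ssl.SSLSocket.getpeercert()`; the lookalike hostname and certificate are constructed, and `earthlink.net` is assumed to stand for the brand's real registrable domain.

```python
from typing import Dict, List, Set


def hostname_matches(pattern: str, host: str) -> bool:
    """Match a certificate DNS name against a URL host the way browsers do:
    case-insensitive, and a single leading '*' covers exactly one label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    # '*.example.com' must match neither 'example.com' nor 'a.b.example.com'
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def registrable_domain(host: str) -> str:
    """Simplified owner domain: the last two labels. Assumption: production
    code consults the Public Suffix List so that names like x.co.uk work."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def cert_dns_names(cert: Dict) -> List[str]:
    """Collect the DNS names a certificate vouches for: subjectAltName entries,
    falling back to the subject commonName when no SAN is present."""
    names = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def assess_page(cert: Dict, url_host: str, brand_domains: Set[str]) -> Dict:
    """lock_icon: would the browser show the lock for this URL with this cert?
    legitimate_brand: does the URL host actually belong to the expected brand?"""
    names = cert_dns_names(cert)
    return {
        "cert_names": names,
        "lock_icon": any(hostname_matches(name, url_host) for name in names),
        "legitimate_brand": registrable_domain(url_host) in brand_domains,
    }


# Constructed certificate for a lookalike host; not a real certificate.
LOOKALIKE_CERT = {
    "subject": ((("commonName", "secure-earthlink-login.example"),),),
    "subjectAltName": (
        ("DNS", "secure-earthlink-login.example"),
        ("DNS", "www.secure-earthlink-login.example"),
    ),
}
# Assumption: the brand's genuine registrable domain.
BRAND_DOMAINS = {"earthlink.net"}

if __name__ == "__main__":
    # The scam scenario: valid cert, matching host, lock icon shown, wrong brand.
    print(assess_page(LOOKALIKE_CERT, "secure-earthlink-login.example", BRAND_DOMAINS))
    # The same cert presented on the real brand host would not match at all.
    print(assess_page(LOOKALIKE_CERT, "www.earthlink.net", BRAND_DOMAINS))
```

The first call returns `lock_icon` True and `legitimate_brand` False, which is exactly the situation the article describes: nothing in the certificate is wrong, the user simply never compared the certificate's subject with the brand they expected.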
The domains advertised in the e-mail solicitations include carder.org, carderclan.net, carderportal.com, carderportal.org, the cc.ru, mazafaka.ru, lncrew.com, majordomo.ru and agava.com. A sample mail illustrates the structure of the pitch:
Hello,
Thank you for registration on our board http://www.carderclan.net & http://www.carderportal.com
Your Login & Password:
Login: User871
Password: MkSCs4c
On our site you will find:
Spam Hosting - from 20$ per mounth.
Fraud Hosting - from 30$ per mounth.
Stolen Credit Cards, Fake ID, DL's.
Spam For free only from 5.02.2004 to 14.02.2004.
Welcome: http://www.carderclan.net & http://www.carderportal.com
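Mail filters and incident responders usually want to turn a solicitation like the one above into a simple question: does this message point at a domain we already know about? The following added example, which is not part of the Netcraft report, extracts hostnames from a message body and matches them against the advertised domains listed in the article (the garbled entry "the cc.ru" is left out). The trimmed mail body is the sample quoted above; the helper regexes and the subdomain-matching rule are assumptions of this example.

```python
import re
from typing import Iterable, List, Set
from urllib.parse import urlsplit

# Indicator list taken from the article's enumeration of advertised domains.
ADVERTISED_DOMAINS = {
    "carder.org", "carderclan.net", "carderportal.com", "carderportal.org",
    "mazafaka.ru", "lncrew.com", "majordomo.ru", "agava.com",
}

# Trimmed copy of the sample mail quoted in the article (credentials omitted).
SAMPLE_MAIL = """Hello,
Thank you for registration on our board
http://www.carderclan.net & http://www.carderportal.com
On our site you will find:
Spam Hosting - from 20$ per mounth.
Fraud Hosting - from 30$ per mounth.
Welcome: http://www.carderclan.net & http://www.carderportal.com
"""

# Full URLs first, then bare hostnames that appear without a scheme.
_URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
_BARE_HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def extract_hosts(body: str) -> Set[str]:
    """Return every hostname mentioned in the body, lower-cased."""
    hosts: Set[str] = set()
    for url in _URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower())
    for host in _BARE_HOST_RE.findall(body):
        hosts.add(host.lower())
    return hosts


def _owner(host: str) -> str:
    """Drop a leading 'www.' so www.carderclan.net compares as carderclan.net."""
    return host[4:] if host.startswith("www.") else host


def matches_indicator(host: str, indicators: Iterable[str]) -> bool:
    """Exact match on the indicator, or any subdomain of it (login.carderportal.org).
    A mere suffix like 'notcarder.org' does not match 'carder.org'."""
    owner = _owner(host)
    return any(owner == ind or owner.endswith("." + ind) for ind in indicators)


def flag_mail(body: str, indicators: Iterable[str]) -> List[str]:
    """Sorted list of hostnames in the body that hit the indicator list."""
    indicator_set = set(indicators)
    return sorted(h for h in extract_hosts(body) if matches_indicator(h, indicator_set))


if __name__ == "__main__":
    print(flag_mail(SAMPLE_MAIL, ADVERTISED_DOMAINS))
```

Matching on the registrable domain plus subdomains, rather than on the literal hostname, is what lets a list collected from one mailing catch later variants that move to `login.` or `forum.` subdomains of the same sites.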