Welcome to the tenth issue of ISO17799 News, designed to keep you abreast of developments and news with respect to ISO 17799 and information security. The information within the newsletter is totally free to subscribers and provides guidance on various practical issues, as well as commentary on recent Information Security incidents.
Included in this edition are the following topics:
HACKED AND DEFACED WEBSITES
Fact: Every day of every week dozens of corporate websites are hacked and defaced. This statement may surprise some people, but it does illustrate that this problem is extremely large scale and the threat is very significant. Even on the very day this item is being written, well known sites owned by Lycos and the European Union have been defaced.
A future edition of this newsletter will therefore investigate this issue in some depth. We will explore some of the more high profile attacks, and offer advice on what to do to minimize risks... and recover should you become a victim.
In the meantime, if you ever wondered what drives these guys, Zone-H (www.zone-h.org) reports the following (from a substantial sample):
Heh...just for fun! 35%
No reason specified 19.2%
I just want to be the best defacer 12.5%
As a challenge 11.7%
Political reasons 9.2%
Revenge against that website 1.9%
They also report that over half of successful hacks exploit either configuration errors, or unpatched systems: which are very basic security issues!