Thread: olympia and security

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    119

    olympia and security

    Hi everybody,

    This was in a German computer news site today, and the scans were done by a security company. Please don't
    do it as well:
    The US government paid over 300 billion for security reasons at the Olympic Games in Salt Lake City. That is the biggest budget that a government has ever paid.
    But they missed the online security, because the central mail server of International Sports Broadcasting (ISB) is pretty open!! ISB is the host broadcaster for the games. All audio/video recordings are distributed by ISB all over the world. For administrative reasons it is the only one that has the permission (a rule from the International Olympic Committee).
    The mail server (Microsoft Exchange Server 5.5) is available worldwide and there is no firewall.
    The result of a simple port scan:

    Interesting ports on mail.isbtv.com (63.226.107.165):
    (The 1527 ports scanned but not shown below are in state: closed)
    Port State Service
    21/tcp open ftp
    25/tcp open smtp
    27/tcp open nsw-fe
    80/tcp open http
    110/tcp open pop-3
    119/tcp open nntp
    135/tcp open loc-srv
    139/tcp open netbios-ssn
    143/tcp open imap2
    389/tcp open ldap
    443/tcp open https
    563/tcp open snews
    593/tcp open http-rpc-epmap
    636/tcp open ldapssl
    993/tcp open imaps
    995/tcp open pop3s
    1109/tcp open kpop
    1112/tcp open msql
    1433/tcp open ms-sql-s
    6667/tcp open irc
    6668/tcp open irc
    Remote operating system guess: Microsoft NT 4.0 Server SP5 + 2047 Hotfixes


    It is possible for an attacker to manipulate the data. There is no SSL/TLS encryption. A bad guy can get, read, manipulate, masquerade and post his/her own message.

    Trying 63.226.107.165...
    Connected to 63.226.107.165.
    Escape character is '^]'.
    220 mail.isbtv.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready
    starttls
    554 Unable to initialize security subsystem


    What does it mean?

    1. An attacker can forge data sent worldwide, for example to client TV stations.
    2. The system is open to getting permissions for security areas... and so on.


    The original message:
    http://www.heise.de/newsticker/data/ur-20.02.02-000/

    cheers,
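
Added example, not part of the original post or the linked article: a small audit that reads nmap-style text output like the listing above for a mail host you administer, flags open ports outside an allowlist and cleartext services running beside their TLS variants, and checks an SMTP transcript for a failed STARTTLS. The allowlist, function names and sample host are assumptions made for illustration.

```python
import re

# Assumption for this example: an Internet-facing mail host should expose
# only SMTP and TLS-wrapped client protocols; everything else is flagged.
ALLOWED = {25, 443, 993, 995}
# Cleartext services mapped to their TLS-protected counterpart.
CLEARTEXT_TWIN = {110: 995, 143: 993, 119: 563, 389: 636, 80: 443}
PORT_LINE = re.compile(r"^\s*(\d+)/(tcp|udp)\s+open\s+(\S+)")

def parse_open_ports(scan_text):
    """Return {port: service} for every 'open' row in nmap-style text output."""
    ports = {}
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            ports[int(m.group(1))] = m.group(3)
    return ports

def audit(scan_text, allowed=ALLOWED):
    """Return (ports outside the allowlist, cleartext ports whose TLS twin is also open)."""
    ports = parse_open_ports(scan_text)
    unexpected = sorted(p for p in ports if p not in allowed)
    cleartext = sorted(p for p in ports if CLEARTEXT_TWIN.get(p) in ports)
    return unexpected, cleartext

def starttls_works(transcript):
    """True only if the server answered the STARTTLS command with a 220 reply."""
    lines = [l.strip() for l in transcript.splitlines() if l.strip()]
    for i, line in enumerate(lines[:-1]):
        if line.upper() == "STARTTLS":
            return lines[i + 1].startswith("220")
    return False

# Constructed sample input (documentation hostname and address, not a real host).
SAMPLE_SCAN = """\
Interesting ports on mail.example.org (192.0.2.10):
Port State Service
25/tcp open smtp
110/tcp open pop-3
139/tcp open netbios-ssn
995/tcp open pop3s
1433/tcp open ms-sql-s
"""
SAMPLE_SMTP = """\
220 mail.example.org ESMTP Server ready
starttls
554 Unable to initialize security subsystem
"""
print(audit(SAMPLE_SCAN), starttls_works(SAMPLE_SMTP))
```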

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    133
    This type of thing might be avoided in the future when the new Cyber Security centre is up and running. Probably not though.

    Click here for more details on the centre if interested.
    If you don't learn the rules nobody can accuse of cheating.
