-
February 21st, 2002, 09:52 AM
#1
Olympics and security
hi everybody,
That was in a German computer news today, and a security company did the scans. Please don't do it as well:
The US government paid over 300 billion for security reasons at the Olympic Games in Salt Lake City. That is the biggest budget that a government has ever paid.
But they missed the online security, because the central mail server of International Sports Broadcasting (ISB) is pretty open!! ISB is the host broadcaster for the games. All audio/video records are distributed from ISB all over the world. For administrative reasons it is the only one that has the permission (rule from the International Olympic Committee).
The mail server is available worldwide (Microsoft Exchange Server 5.5) and there is no firewall.
The result from a simple portscan:
Interesting ports on mail.isbtv.com (63.226.107.165):
(The 1527 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
25/tcp open smtp
27/tcp open nsw-fe
80/tcp open http
110/tcp open pop-3
119/tcp open nntp
135/tcp open loc-srv
139/tcp open netbios-ssn
143/tcp open imap2
389/tcp open ldap
443/tcp open https
563/tcp open snews
593/tcp open http-rpc-epmap
636/tcp open ldapssl
993/tcp open imaps
995/tcp open pop3s
1109/tcp open kpop
1112/tcp open msql
1433/tcp open ms-sql-s
6667/tcp open irc
6668/tcp open irc
Remote operating system guess: Microsoft NT 4.0 Server SP5 + 2047 Hotfixes
It is possible for an attacker to manipulate the data. There is no SSL/TLS encryption. A bad guy can get, read, manipulate, masquerade and post his/her own message:
Trying 63.226.107.165...
Connected to 63.226.107.165.
Escape character is '^]'.
220 mail.isbtv.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready
starttls
554 Unable to initialize security subsystem
What does it mean?
1. An attacker can forge data sent worldwide, for example to client TV stations.
2. The system is open to get permissions for security areas... and so on.
The original message:
http://www.heise.de/newsticker/data/ur-20.02.02-000/
cheers,
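Added example, not part of the original post: a defender-side audit that reads a scan report in the format quoted above, lists open ports outside a mail server's intended role, and checks whether an SMTP transcript shows STARTTLS being accepted. The host name, the documentation IP address, both sample inputs and the allowlist are constructed assumptions.

```python
import re

# Assumption: ports this mail host is meant to expose; the rest belong behind a firewall.
MAIL_ROLE_ALLOWLIST = {25, 110, 143, 443, 993, 995}

# Constructed sample in the same report format as the post (documentation IP).
SAMPLE_SCAN = """\
Interesting ports on mail.example.test (192.0.2.10):
(The 1527 ports scanned but not shown below are in state: closed)
Port State Service
25/tcp open smtp
135/tcp open loc-srv
443/tcp open https
1433/tcp open ms-sql-s
"""
# Constructed SMTP transcript: server banner, client command, server reply.
SAMPLE_SMTP = """\
220 mail.example.test ESMTP Server ready
starttls
554 Unable to initialize security subsystem
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)")

def parse_open_ports(report):
    """Return [(port, proto, service)] for every 'open' row of the report."""
    rows = []
    for line in report.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3)))
    return rows

def unexpected_exposure(report, allowlist=MAIL_ROLE_ALLOWLIST):
    """Open ports that are not part of the host's intended role."""
    return [r for r in parse_open_ports(report) if r[0] not in allowlist]

def starttls_ok(transcript):
    """True only if the reply following the STARTTLS command is a 220."""
    lines = [l.strip() for l in transcript.splitlines() if l.strip()]
    for i, line in enumerate(lines[:-1]):
        if line.lower() == "starttls":
            return lines[i + 1].startswith("220")
    return False  # STARTTLS never attempted: treat as not protected

if __name__ == "__main__":
    for port, proto, svc in unexpected_exposure(SAMPLE_SCAN):
        print(f"firewall candidate: {port}/{proto} ({svc})")
    print("STARTTLS usable:", starttls_ok(SAMPLE_SMTP))
```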
-
February 21st, 2002, 01:36 PM
#2
This type of thing might be avoided in the future when the new Cyber Security centre is up and running. Probably not though.
Click here for more details on the centre if interested.
If you don't learn the rules nobody can accuse of cheating.