Re: Yahoo hacked

Thomas Stromberg (dev.random@DEV.RANDOM.NU)
Wed, 10 Dec 1997 23:27:43 +0000

> The real question, that will probably remain unanwsered, is what was
> the hole? The top choise on the list is DNS chache poissoning to redirect
> Yahoo's homepage to some other web server, but that does not mix well with
> the statement that Yahoo was able to fix the problem after they realized
> what was going on.

There is speculation (though no confirmation, everyone at Yahoo!, including Filo, have been keeping this hush-hush) that it Yahoo!'s webserver is built on an old version of Apache and in the process they might have neglected to patch one of the known holes from the older versions of Apache.

In any case, word has supposedly come from someone at Yahoo that this exploit does not effect other FreeBSD hosts. So whether its a case of a modified buggy version of Apache, or some poorly written CGI's (possibly remote administration ones?) remains to be seen.

thomas "devrandom" stromberg
sysadmin @ royal institute of technology.