The True Story of How Defensivethinking.com Got "Hacked" For a Second Time

On Sunday the 23rd of February 2003 Kevin Mitnicks company site defensivethinking.com was publicly defaced for the second time this month. This time however the defacer replaced the homepage with his own political message. The defacer used the same security vulnerability with Microsoft Frontpage extensions that was used to gain unauthorized access to the site the first time by BugBear. (In Windows XP one can simply go into ‘My Network Places’ and add a ‘Network Place’ called www.defensivethinking.com – you are then able with no password restrictions to edit the site). After checking Netcraft Rootsecure.net discovered that defensivethinking.com recently changed hosting providers again to Fuse Internet as of the 22nd of February which is why the same vulnerability resurfaced. It is understood this was done as a temporary measure while they are configuring their own server running *nix. Rootsecure.net has read the Zone-H’s article (currently on its 3rd update) and Security News Portal’s subsequent article (SNP have now published a second article), however they both contain inaccuracies. Here follows the true account of what happened as witnessed by Rootsecure.net. Full Story