Introduction

The morning newspaper carried a story of a computer company being hacked. The article carried some quotes from the company's Chief Information Officer (CIO) and a few security "experts" who were called to the scene to investigate what was touted to be the work of a skilled hacker. In reality, it turned out to be a script kiddie, using an automated IIS Unicode attack script, who had replaced the company's main Web page with some poorly spelled gibberish. The fact that $30,000 was stolen from computers belonging to a major bank in the same city was somehow not reported in the paper. Nothing was done to the bank's Web pages though.

Most of the "hacks" reported in news media are incidents of Web site defacement, or as we call it, cyber graffiti. Most defacements result from hackers using prefabricated exploits to gain administrative control of the target system and then replacing the Web pages hosted on the system with their own version. On certain rare occasions, Web site defacement occurs in quite an unusual manner. The attacker may not have had an opportunity to gain any sort of user-level privileges on the target system but was able to take advantage of poorly written Web scripts or poorly configured Web servers to carry out the defacement.

In this chapter, we follow and analyze the exploits of Mallory, a security geek working as a network administrator in a small company in San Francisco, who used quite an unusual method of attack to deface the Web site of a travel agency. We then present suggestions for protecting against this type of attack.

 



Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
Year: 2005
Pages: 156
