Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Pkware Site hacked

Pkware Site hacked

by platon on June 30th, 2001 Hackers today defaced the home page of PKWARE, Inc., makers of the widely used PKZIP archive and compression file utility, the company has confirmed.


Visitors to the site this morning were greeted with a blank white page except for the following text: “first zip your security holes, then files (if there is time left) :P -the Collective- .“



Aside from the home page, other sections of the site, including the PKWARE Store Front and PKWARE Online Product Catalog, appeared to be intact.



A PKWARE spokesperson told Newsbytes the company discovered the breach this morning and immediately restored the original home page but is still investigating the incident. According to the spokesperson, no credit card information is stored on the company's server.



The site, which is hosted by SPS Productions of Wawatosa, Wis., was one of several defaced at the hosting company today, according to SPS technical director Randy Berdan, who declined to provide details.



According to a port scan of the site, PKWARE.com is running the Apache Webserver on Sun Microsystems' Solaris operating system. The scan also shows a number of open ports, including FTP, X Windows, sunrpc, and Telnet.



Ken Dunham, senior analyst with information security provider Atomic Tangerine, said site operators should harden their servers against attack by shutting down unnecessary services and properly configuring the rest.



"A simple, 10-minute review of the site shows PKWARE.com is vulnerable to attack in several areas," said Dunham.



The site's e-commerce section runs on the Miva Merchant online storefront from Miva Corp. of San Diego. No reports of vulnerabilities in the product have been logged in the SecurityFocus database.



The attackers who took credit for the defacement, the Collective, have not defaced any other sites under that name, according to the defacement archive maintained by security information site Alldas.



The PKZIP software was developed Phillip W. Katz, who was quoted as saying he came up with the idea in 1986 at while sitting at his mother's kitchen table. Katz died in April 2000.



A mirror of the PKWARE defacement is archived here:


http://defaced.alldas.de/mirror/2001/06/29/www.pkware.com





Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »