On Thu, 4 Oct 2001, Martin H Hoz-Salvador wrote: > Hey! but the Bank is based on Sudan. So, if they have the > software, they imported it to Sudan illegally, since it > exist export control for that Country. If it's illegal, > probably they were not well assessed to implement it, and > and probably they don't have any updates...
But the server is located in Norway: borrmann@rustavi: > host www.shamalbank.com www.shamalbank.com is a nickname for neptun.activeisp.com neptun.activeisp.com has address 213.188.129.26 neptun.activeisp.com has address 213.188.129.26 borrmann@rustavi: > whois -h whois.ripe.net 213.188.129.26 % This is the RIPE Whois server. % The objects are in RPSL format. % Please visit http://www.ripe.net/rpsl for more information. % Rights restricted by copyright. % See http://www.ripe.net/ripencc/pub-services/db/copyright.html inetnum: 213.188.128.0 - 213.188.134.255 netname: COM-ACTIVEISP descr: Active ISP ASA. Region Norway country: NO And in this way, it should be possible, to secure the website by Firewall-1. Regards, Micha > On Wed, 3 Oct 2001, Kevin Martin wrote: > > > It would be interesting to know what the exploit was (if it was one of the > > exploits that were from the BlackHat conference or not) and what the version > > and patch level of the firewall was. If any of the hackers from this group > > are on this list and would like to share that with us anonymously somehow > > I'm sure we would all greatly appreciate it. > > > > Thanks. > > -----Original Message----- > > From: Christian ALT [mailto:[EMAIL PROTECTED]] > > Sent: Monday, October 01, 2001 3:43 PM > > We have seen the following information. We cannot guarantee it > > > > > > TLAflash 2.10.2001 > > Hacker -- A group of U.K.-based hackers has cracked computers at the > > AlShamal Islamic Bank in Sudan and collected data on the accounts of the Al > > Qaeda terrorist organization and its leader Osama bin Laden, Kim Schmitz, a > > flamboyant German hacker/businessman, has claimed. This information cannot > > be confirmed and must be taken with caution. A team of U.K.-based hackers > > sprang into action, and hacked the nameserver of AlShamal Islamic Bank, he > > said. They were able to gain access to the bank's intranet by exploiting a > > "checkpoint firewall 1 vulnerability," he explained. After bypassing the > > firewall, the hackers achieved "superuser" status on the server, and > > "sniffed" eight valid user IDs, and then were able to collect information on > > accounts of Al Qaeda and bin Laden. > > > > > > Since it seems that a Firewall-1 was abused, I just wanted the list to know > > about it. The original source is the following > > > > http://www.elcom.co.uk/news_story.asp?id=637 > > > > Christian ALT -- see MB6408-RIPE (http://www.ripe.net/cgi-bin/whois?MB6408-RIPE) for detail contact information ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
