FTC Denies Web Site Security Hole

[InfoSec News <isn () C4I ORG>]

http://www.computeruser.com/news/00/12/13/news5.html

By David McGuire
December 13, 2000

The Federal Trade Commission (FTC) has angrily refuted a news story
that its Web site is vulnerable to intrusion due to a reported
security hole in Netscape's Enterprise Server software.

In an article late last week, IDG News Service quoted an unnamed
European ex-hacker as saying that the Enterprise Server software used
by the FTC and the FBI on its Web site allowed savvy users to access
to restricted levels of the government Web sites.

"I'm stunned that there was a story because the allegations that the
guy made were totally and completely inaccurate," FTC spokesperson
Claudia Bourne Farrell said. "There is no way in the world that they
could have gotten into our site using" the purported security hole,
Farrell said.

Mike Frank, a senior FTC computer specialist who was quoted in the IDG
article, said that the Enterprise Server feature that reportedly
allowed hackers access to the site wasn't even enabled on the FTC
site.

And if that feature was enabled, it would not allow even a savvy
hacker to alter or gain access to sensitive portions of the FTC site,
since those changes are made at the operating system level, behind yet
another set of security defenses, Frank said.

Responding to the nature of the reported security flaw in the Netscape
software, Frank said, "It could conceivably be a hole if someone were
dumb enough."

An FBI spokesperson had no comment on the story or the alleged
security hole except to say that the bureau does not comment on
ongoing investigations.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".