◆ SpookStack

Hacker had WorldCom in his ooo News.com Page 1 of3 CNET tech sites: Price comparisons | Product reviews | Tech news | Dow Front Page anes x advertisement Sfrengthen your Excel skills fast... esierasort lt’s easy with comprehensive, learn-at-your-own-pace Exco} 87/2000/XP a Bers CD-ROM-based training from TechRepublic. Ff Use SUMIF, IF, and VLOOKUP functions Learii Excel ii insit Hacker had WorldCom in his hands Search New: Advanced search By Robert Lemos Staff Writer December 6, 2001, 1:36 PM PT Latest Hea display on deskto Intel: Options wor earnings, Sofware giant thi The curious hacker strikes again. Internet backbone provider MCI WorldCom has acknowledged that network-intrusion specialist Adrian Lamo used a security hole in a company Web server to grant himself , ; access to its administrative network. Saget Conch The quizzical hacker poked around WorldCom's system four times over the past two months, Earthlink ge oes af ending last Friday when he told the company of the hole and helped it secure a misconfigured server. WSc brushes up. Microsoft drops pi | ; ; | Windows CE “l was looking for something to do,” the sometimes consultant and security researcher said 7 5 . 4, ., + . it of his desire to probe the infrastructure. Lamo considers himself a harmless intruder, which Acet-uaatedesite he asserts is far better than one bent on misdeeds. Study: Visual Bas slipping “It's definitely better than it would have been if someone wanted to attack Bank of America's _‘featames reanir sites and have it blamed on WorldCom," said Lamo, who is based in San Francisco. In Motorola to reope addition to Bank of America, WorldCom's cusiomers include America Online, Providian and office oil titan BP. New dawn of ontir HP embarks on n WorldCom apparently agrees with Lamo’s assessment. Execs point to wh the Web ‘We would rather know than not," said Jennifer Baker, a spokeswoman for the Internet 3Com to leaye Sif service provider. Alihough she would not give details of the discussions the company had with Lamo, Baker did say he helped the company. Mozilla's Firebird "We are definitely appreciative, and we have secured our system,” she said. clipped Microsoft shows ¢ MCI WorldCom is the fourth major company to find itself on the wrong end of a security hole prototype exploited by Lamo. Micrasoft, Excite@Home and Yahoo have all been tested by Lamo and House bets again found insecure. sambling Next Pai OS du in the latest case, Lamo exploited a so-called open proxy, a server that is normally used by a Protection sought company fo filter data on an Internet connection but, in this case, had been installed on a sities. Web server by accident when the server had been configured. This week's hear Such mistakes are a major problem in computer security, said Chris Wysopal, director of research and development for network-protection company @Stake. News Tool http://news.com.com/2100-1001-27671 1 himl?legacy=cnet&tag—mn_hd HT(2003 FBI(19-cv-1495)-1050