◆ SpookStack

| _osios PM 12/5/2001, Fwd: Hacker Story enforcement agencies have expressed growing concern that a cyber-attack on the nation's mast important computer systems could accompany the next terrorist strike. “When you have a company that many of the major players in US business rely on for critical services, it is beyond essential that sensitive information of this caliber be available only to those with a genuine business need for it," Lame added. "I started with the same level of access as any employee. The newest intern could have done the same thing. "Thankfully, WorldCom's response was extremely prompt and effective, reflecting their level of concern in addressing these issues. Many of the points raised are not WorldCom-specific ~ you see these patterns at countless companies of this size.” MCI is the latest in a string of companies Lame has found to be vulnerable to Web-based intrusion. Days after the Sept. 11 attacks, Larmo used a proxy on the Yahoo network to add satirical content to a story on the company's Web site about Russian programmer Dmitry Sklyarov, a stunt that raised public concern about the integrity of online media. Earlier this surnmmer, Lamo alerted ExciteAtHome to similar vulnerabilities on the company's network that left the personal information of nearly 3 million customers and several thousand company employees available to even the most marginal of system crackers. ExciteAtHome later thanked Lamo for helping them to patch the hole. Lamo has also highlighted related vulnerabilities at Microsoft and America Online. ‘Lamo. said most companies are so concerned about protecting their networks against typical cracker exploits - such as common software bugs and buffer overflows - that they typically overlook security on internal Web-based systems designed solely for use by employees. "Companies don't generally pursue this angle of insecurity, and tend not to consider that confidential resources might be available to anyone with a Web browser," he said. “Many of these companies are running intrusion detection systems that will trip alarms if they spot someone scanning for known exploits. But most often, normal Web traffic goes unnoticed.” Reported by Newsbytes.com, http://www.newsbytes.com Ld Business Markets Public Relations be -2 b7¢ -2 WorldCom, Inc Phone] Pager: b6 -5 b7c -5 3 be -5 b7¢ -5 FBI(19-cv-1495)-2167