U.S. systems administrators should make sure their Web servers are secure before heading home for the long July Fourth weekend. This weekend, the "defacers' challenge" takes place, which pits hackers against one another in a game to deface Web pages.
It's too early to say whether the contest will mean an onslaught of Web defacements over the weekend. "This is a hard one to predict," said Pete Allor, manager of Internet Security Systems Inc.'s X-Force threat intelligence services.
Allor hopes companies will use the advance warning to lock down their systems so their Web pages don't get defaced. But, on the other hand, the hackers have also had time to prepare. "In some cases, sites could already have been identified and hacked. They'll put the defacements up on Sunday," he said.
In the meantime, companies should scan their systems for vulnerabilities and install all needed security patches. "You may think you are secure, but you made a configuration change that opens up your Web server," Allor said.
The contest, believed to be the first such event, gives points to hackers when they access an organization's Web servers and deface pages. They can rack up more points for successfully hacking sites running on more obscure operating systems, such as the Apple operating system and Unix flavors HP-UX and IBM's AIX. A successful defacer would get fewer points for breaking into more popular Microsoft or Linux systems.
If enough hackers take part in the challenge, it could disrupt Internet activity as defaced Web pages are taken down to be repaired.
ISS has received "credible information that hacker groups are conducting reconnaissance scans prior to the 'contest' to identify vulnerable systems," the company said.
"However, major activity won't publicly surface until the early hours of July 6, 2003," ISS said.
FOR MORE INFORMATION:
FEEDBACK: Are you taking this hacker challenge seriously?
Send your feedback to the SearchSecurity.com news team.