Thankfully I'm not on his team; Hit2000 isn't really a team. Me and Nohican are with RooT66 (http://root66.student.utwente.nl). Hardbeat (with whom I did apache.org) aren't with Hit2000 either.
Gerrie Mansur used a way to view server side scripts, meaning he knew the passwords the server used to LOCAL connect to the database. Well, that was his great hack, let's spoof 127.0.0.1 from your home cable modem? (no way I work at his cablemodem company :)
I am curious if people think that the folks who broke in are "white hat" intruders. If they are "white hat" intruders, what was the point of making a fake post on Slashdot in CmdrTaco's name? Why didn't they just email the Slashdot admins with the security holes and request that they be fixed?
Making a fake post is cute, but it is a bit childish. I can not think of any other reason why the hackers made a fake posting other than making a name for themselves or embarrassing the site operators. Was the security of Slashdot really their primary or even secondary concern? Fake posts are no better than graffiti.
Well, thank you for your trust, perhaps you should turn it around. Security of Slashdot was our primary concern and we secured it. By posting that little message we drew attention to security. We didn't post details right away because we were still in chat with the Slashdot admins. Details always come later. Now everybody knows how and ppl are fixing similar problems right now everywhere.
I think by posting that one message, more sites got secured, what's wrong with that? Should I have written that paper 'How we hacked apache.org' with HardBeat some time ago either? Perhaps we should all go use Microsoft software with their auto updates and trust that.
However, I do not think it is polite or justified to inform a site's admins of security holes through graffiti on the front page of their website at 10:30 PM. An anonymous or pseudonymous email message would have had the same end result. (Getting phone calls about urgent time sensitive problems at 10:30 PM is bad enough for most system administrators; getting phone calls for problems that could have been solved in the morning is really frustrating.)
Hmm, perhaps you are the first admin that really cares about time when your site got hacked. Those admins were just on IRC at that time and we spoke with them immediately after. Security isn't something that can wait IMHO.
The folks who broke in may not have been "black hat" intruders, but it is specious to call them "white hat" hackers. Perhaps there needs to be a term like "gray hat" hackers, but "immature self-promoting" hackers seems to work just as well.
I really hope you aren't a sysadmin, I think you'd be more busy suing hackers than fixing security problems, and you really have a lot of faith in ppl helping you. Again, thanks for your trust.
-{}
erhm we did fix it
damn, I don't exist?
host -a -l slashdot.org (:
the database was hosted on just one box, never touched the webservers
Have you ever thought of the use of passwords when a database is compromised (meaning you can't only read but also write to it)?
We have older accounts, does that matter?
-{}
erhm search for 'Frank van Vliet' on securityfocus and you know all about me ({})
as Frank
-{}