<p dir="ltr">I hope for his sake it is quickly realised he is just trying to help them and that will be the end of it.</p>
<p dir="ltr">There was enough fuss about my FSS incident by changing a bloody number in a URL. Sounds like he went a little further than just changing a number.</p>
<p dir="ltr">I read it as SQL injection which is harder to brush off as a simple URL typo. The today tonight (?) video of him appears to show him playing around with a JSON interface. But that could just be for show. I hope it isn't as silly as +Indexes.</p>
<p dir="ltr">But regardless, police and Melbourne Transport or whatever they are called should look at intent, and intent alone.</p>
<p dir="ltr">All these accidental cracker stories are getting tiring. Why is there never a focus on how stupid of a mistake the corporation made? It is getting to the point where the layman is starting to understand there are good samaritans and they aren't to blame.</p>
<p dir="ltr">It is time law enforcement caught up with the Australian community acceptable standards.<br>
</p>
<div class="gmail_quote">On 8 Jan 2014 23:20, "Tim March" <<a href="mailto:march.tim@gmail.com">march.tim@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Anyone know what the actual "hack" was? A couple of links I found<br>
implied he "found an old database while browsing," which just sounds<br>
like they had +Indexes and Google found it.<br>
<br>
FWIW I found a directory indexing issue in $GovAUAgency a couple of<br>
years back with db dumps, credentials, admin scripts, SSH keys, bash<br>
logs (lock, stock, the lot...) and tried to notify their infrastructure<br>
provider. It was a nightmare. I ended up talking Ralph<br>
Wiggum^H^H^H^H^H^H^H^H^H^H^Ha support punter through it on the phone...<br>
<br>
"open your browser... now go to Google... Now search for<br>
'site:$GovAUAgency filetype:sql'"<br>
<br>
"What is it?"<br>
<br>
"Umm... Show that to your security punters"<br>
<br>
"My tummy feels funny *mouth breathing*"<br>
<br>
<br>
... The site was like it for months afterwards.<br>
<br>
TL;DR; If the kid was Google hacking, responsibly disclosed and they<br>
called the Fuzz that's pretty poor form.<br>
<br>
<br>
<br>
T.<br>
<br>
On 8/01/14 10:35 PM, Damian Guppy wrote:<br>
> Oh Good. Now watch as prosecutors press the courts to enhance the<br>
> charges so he can be tried as an adult and sentenced to more time behind<br>
> bars than the latest murder.<br>
><br>
> --Damian<br>
><br>
><br>
> On Wed, Jan 8, 2014 at 7:28 PM, Patrick Webster <<a href="mailto:patrick@aushack.com">patrick@aushack.com</a><br>
> <mailto:<a href="mailto:patrick@aushack.com">patrick@aushack.com</a>>> wrote:<br>
><br>
> <a href="http://m.theage.com.au/it-pro/security-it/hacked-site-reports-boy-to-police-20140108-hv7tl.html" target="_blank">http://m.theage.com.au/it-pro/security-it/hacked-site-reports-boy-to-police-20140108-hv7tl.html</a><br>
><br>
><br>
> _______________________________________________<br>
> AusNOG mailing list<br>
> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a> <mailto:<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>><br>
> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> AusNOG mailing list<br>
> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
><br>
<br>
--<br>
PGP/GNUPG Public Key: <a href="http://d3vnu11.com/pub.key" target="_blank">http://d3vnu11.com/pub.key</a><br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div>