[AusNOG] Hacked site reports boy to police | theage.com.au
Tim March
march.tim at gmail.com
Wed Jan 8 23:20:21 EST 2014
Anyone know what the actual "hack" was? A couple of links I found
implied he "found an old database while browsing," which just sounds
like they had +Indexes and Google found it.
FWIW I found a directory indexing issue in $GovAUAgency a couple of
years back with db dumps, credentials, admin scripts, SSH keys, bash
logs (lock, stock, the lot...) and tried to notify their infrastructure
provider. It was a nightmare. I ended up talking Ralph
Wiggum^H^H^H^H^H^H^H^H^H^H^Ha support punter through it on the phone...
"open your browser... now go to Google... Now search for
'site:$GovAUAgency filetype:sql'"
"What is it?"
"Umm... Show that to your security punters"
"My tummy feels funny *mouth breathing*"
... The site was like it for months afterwards.
TL;DR; If the kid was Google hacking, responsibly disclosed and they
called the Fuzz that's pretty poor form.
T.
On 8/01/14 10:35 PM, Damian Guppy wrote:
> Oh Good. Now watch as prosecutors press the courts to enhance the
> charges so he can be tried as an adult and sentenced to more time behind
> bars than the latest murder.
>
> --Damian
>
>
> On Wed, Jan 8, 2014 at 7:28 PM, Patrick Webster <patrick at aushack.com
> <mailto:patrick at aushack.com>> wrote:
>
> http://m.theage.com.au/it-pro/security-it/hacked-site-reports-boy-to-police-20140108-hv7tl.html
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
--
PGP/GNUPG Public Key: http://d3vnu11.com/pub.key
More information about the AusNOG
mailing list