[Off Topic]Do you want to know how Mitnick got defaced? The true story behind the hack

To: debian-user-portuguese@lists.debian.org
Subject: [Off Topic]Do you want to know how Mitnick got defaced? The true story behind the hack
From: "raphael" <raphael@grupoevision.com.br>
Date: Thu, 20 Feb 2003 10:41:17 -0300
Message-id: <[🔎] WorldClient-F200302201041.AA41170233@grupoevision.com.br>

The attacker simply took advantage from the fact that DefensiveThinking 
administrator forgot to set up the policies for Frontpage extensions.

To deface Mitnick's site it was enough to go on your windows desktop, 
create a new webfolder and name it with www.defensivethinking.com. The 
lack of security set to Frontpage allowed the attacker to view the entire 
DefensiveThinking websystem as a folder of the attacker windows computer. 
To deface the webpage it was enough to create an HTML file with the 
defacement message and drag&drop it into the newly created webfolder. As 
simple as told.

This configuration mistake allowed the attacker to view, browse, read all 
the files in DefensiveThinking's web structure.

We'd like also to say that the hacker didn't have the previlege on 
DefensiveThinking to remove or rename the default.asp home page so he 
just uploaded a hacked.html file.

When Mitnick, interrogated by friends at The Register stated: 

-"The compromised computer is a public system on a network separate from 
production systems at Defensive Thinking. No customer information was 
released nor was in danger of being compromised"-,

we really hope it went in that way.

Reply to:

Prev by Date: Evolution e listas de discussão
Next by Date: Re: dhcp com duas placas de rede:duvida boba
Previous by thread: Re: Evolution e listas de discussão
Next by thread: dhcp com duas placas de rede e mais IP masquering
Index(es):
- Date
- Thread