Is accessing a public website 'hacking'?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is accessing a public website 'hacking'?

    http://www.smh.com.au/nsw/minister-a...0223-p085.html

    The facts are these:

    - We got a tip on Friday that you could read the government's transport plan by accessing a website called, unsurprisingly, nswtransportblueprint.com.au.

    - Even we did not need help to type in those letters. No password was requested or offered.

    - Instead we were confronted with a dream menu for any reporter: rail services, cycleways, walking and cycling, bus services, paying and road network.

    - With the mouse and the control P (print) command, we had our story.

    As Premier Kristina Keneally's chief of staff, Walt Seccord, said on Friday night, the material we accessed were "working documents".

    "This was a website in progress."

    It was also a website with no protection.
    Granted, this sounds like a pissing match between government and a reporter following a tip. But we've seen how too many countries are overreacting whenever something is released before it's expected to be released. I really see this case as being no different than a whistleblower in the government turning the documents over to a reporter.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  • #2
    Re: Is accessing a public website 'hacking'?

    Originally posted by streaker69
    http://www.smh.com.au/nsw/minister-a...0223-p085.html



    Granted, this sounds like a pissing match between government and a reporter following a tip. But we've seen how too many countries are overreacting whenever something is released before it's expected to be released. I really see this case as being no different than a whistleblower in the government turning the documents over to a reporter.
    That's beyond retarded. The government should walk away from this and just lick their wounds. The ISP/webhost screwed up, and the Minister already sounds like a buffoon from his statements.

    Besides, if they'd been Real Hackers®, they would have made a copy by using that super secret, 1337 website hacking tool, wget.
    Thorn
    "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird


    • #3
      Re: Is accessing a public website 'hacking'?

      Originally posted by Thorn
      That's beyond retarded. The government should walk away from this and just lick their wounds. The ISP/webhost screwed up, and the Minister already sounds like a buffoon from his statements.
      They should walk away and lick their wounds, taking the learning experience as just that, doing better next time. Will that happen? Probably not. Will they go after the reporter? Only if they really want a PR clusterfeck on their hands. Isn't standard procedure for this type of thing that heads shall roll from the shoulders of the ISP/webhost/suit maintaining the site? Data stored on the public internet, intended to be secured, but not, is still on the public internet for all to see. The reporter did nothing special here, other than publish the contents of a website that anyone could have gone to themselves. Simply making the public aware of it shouldn't make much difference. Fact is they fouled up, not the reporter, and they are embarrassed by that.

      Originally posted by Thorn
      Besides, if they'd been Real Hackers®, they would have made a copy by using that super secret, 1337 website hacking tool, wget.
      Come on now, this is a public forum, you can't just give away secrets like that.
      "You have cubed asscheeks?"... "Do you not?"


      • #4
        Re: Is accessing a public website 'hacking'?

        Ooooh, the plot thickens.

        http://www.computerworld.com.au/arti..._goes_offline/

        In a speech to Parliament Transport Minister David Campbell said the company which was responsible for the website, Bang the Table, had claimed it was secured and had experienced 3727 unauthorised hits on the website's firewall over a two-day period.

        “I am advised by Bang the Table that at no time was the website available to casual viewers,” Campbell said.

        “On the advice provided by Bang the Table, it seems that the only way to enter the site was to hack into it. And allegedly someone did. It was not a one-off but a concerted effort.”
        So now the ISP is failing to stand up to their fsckup and claiming it was hacking. I surely hope they have some real logs showing the 'hacking' and not just site access logs. Otherwise they could be looking at the wrong end of a defamation suit.
        A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.


        • #5
          Re: Is accessing a public website 'hacking'?

          Originally posted by streaker69
          Ooooh, the plot thickens.

          http://www.computerworld.com.au/arti..._goes_offline/



          So now the ISP is failing to stand up to their fsckup and claiming it was hacking. I surely hope they have some real logs showing the 'hacking' and not just site access logs. Otherwise they could be looking at the wrong end of a defamation suit.
          I suppose that only time and logs will tell. Honestly, it sounds to me that Bang the Table may have had a bit of a whoops moment. The site being taken offline tells me that they may be trying to figure out what actually happened, and are using the standard disaster recovery procedure of "It was hacked." Then again, they may be closing security holes that made all or parts of the site accessible in the first place. Like I said, time and logs will tell.
          "You have cubed asscheeks?"... "Do you not?"


          • #6
            Re: Is accessing a public website 'hacking'?

            http://www.abc.net.au/news/stories/2...24/2829344.htm
            In a statement, Bang the Table says while the front page of the blueprint site was password protected, other pages were temporarily accessible. ... "That information was wrong and accordingly I apologise. Now it is time for Bang the Table to apologise."
            Sounds like they've gotten around to figuring out it was the hosting company's fault so they figure they're in the clear blame wise. The buck has been passed.

            Who names their company Bang the Table anyway?
            Where's the dedication?
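
The gap described in the quoted statement (front page behind a password, other pages served without one), and the earlier question of whether the logs show more than ordinary site access, can both be checked from a plain web access log. This is an added example, not part of the thread and not code from any party named in it; the log lines, paths, user name and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Combined log format: host ident authuser [time] "request" status bytes ...
LINE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: paths and the user "editor" are hypothetical, addresses
# are documentation ranges. "-" in the third field means no credentials sent.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 401 512
198.51.100.20 - editor [01/Jan/2024:10:01:00 +0000] "GET / HTTP/1.1" 200 9120
203.0.113.7 - - [01/Jan/2024:10:02:00 +0000] "GET /rail-services HTTP/1.1" 200 48211
203.0.113.7 - - [01/Jan/2024:10:02:30 +0000] "GET /bus-services HTTP/1.1" 200 39004
192.0.2.44 - - [01/Jan/2024:10:05:00 +0000] "GET /rail-services HTTP/1.1" 200 48211
"""

def outcomes(log):
    """Map each path to the set of (status, request_was_authenticated) seen."""
    seen = defaultdict(set)
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            seen[m["path"]].add((int(m["status"]), m["user"] != "-"))
    return seen

def exposed_paths(log):
    """Paths that returned 2xx content to a request carrying no credentials."""
    return sorted(p for p, o in outcomes(log).items()
                  if any(200 <= s < 300 and not authed for s, authed in o))

def challenged_paths(log):
    """Paths where the server actually refused or challenged a request."""
    return sorted(p for p, o in outcomes(log).items()
                  if any(s in (401, 403) for s, _ in o))

def denied_per_host(log):
    """401/403 count per client. A large count from one host suggests
    credential guessing; a single denial followed by 200s elsewhere does not."""
    hits = Counter()
    for line in log.splitlines():
        m = LINE.match(line)
        if m and m["status"] in ("401", "403"):
            hits[m["host"]] += 1
    return dict(hits)

if __name__ == "__main__":
    print("served without credentials:", exposed_paths(SAMPLE_LOG))
    print("access control enforced on:", challenged_paths(SAMPLE_LOG))
    print("denials per host:", denied_per_host(SAMPLE_LOG))
```

Any path in the first list that is absent from the second was never protected by the server, whatever the front page did.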


            • #7
              Re: Is accessing a public website 'hacking'?

              Originally posted by TwinVega

              Who names their company Bang the Table anyway?
              Bang the Hoe was already taken?
              A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.


              • #8
                Re: Is accessing a public website 'hacking'?

                http://www.computerworld.com.au/arti...4194304&fpid=1

                "On the basis of this statement, the Government has lost confidence in Bang the Table and will terminate arrangements with the company," Campbell said. "It is because questions were raised about the Government's ability to protect information that I spoke in the House yesterday.

                "It is now clear that Bang the Table not only did not protect the security of the Government's information, it also provided wrong advice to the Government about its security measures. This is completely unacceptable to the Government. I made yesterday's statement in good faith and based on information provided to me by Bang the Table. That information was wrong and, accordingly, I apologise. Now it is time for Bang the Table to apologise."
                I guess the most important part here is, the government official should have never made such statements to begin with until all the facts were known. Glad to see that they owned up to their failures and are dealing with it accordingly.
                A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.


                • #9
                  Re: Is accessing a public website 'hacking'?

                  Well, that plot certainly revealed itself in a manner befitting a script. I suppose all you can really do in this sort of situation is hope that lessons have been learned on all parties' accounts. I'm sure that heads are in the process of rolling over at Bang The Table.
                  "You have cubed asscheeks?"... "Do you not?"


                  • #10
                    Re: Is accessing a public website 'hacking'?

                    Nearly identical thing happened just a short time ago back home.

                    http://blog.mastermaq.ca/2010/02/09/...ugh-obscurity/

                    Local blogger guessed a URL for upcoming budget docs, faces got red, but no one called it a hack. Guess some people are not as worried as others.
                    Never drink anything larger than your head!

                    • #11
                      Re: Is accessing a public website 'hacking'?

                      Originally posted by renderman
                      Nearly identical thing happened just a short time ago back home.

                      http://blog.mastermaq.ca/2010/02/09/...ugh-obscurity/
                      Something similar happened in 2005: College Admissions Sites Breached. Really, what the applicants did was to alter form variables posted to a page (after logging in) to get access to information on being accepted before official notice of acceptance was sent to them by email or snail-mail. (There is an advantage in knowing early if you are accepted at a college, so you can begin to plan for housing, and more.)

                      Originally posted by article
                      Applicants accessed admissions sites ... after a hacker posted instructions ...

                      The instructions told applicants to log in to their admissions Web page and find their identification numbers in the source code, or raw Web programming instructions, available on the site. By plugging those numbers into another Web page address, they were directed to a page where their admissions decision would be found.
                      The result? Harvard decided to reject 119 applicants that used this technique to get an early glimpse of their acceptance and MIT did the same for 32 would-be students.


                      • #12
                        Re: Is accessing a public website 'hacking'?

                        A similar story happened to a friend of mine:

                        On a rainy day, quite a few years ago, we were idling on IRC. Some guy comes in, posts a link to some ISP customer's webpage (like users.isp.tld/username). Everyone clicks it, another boring personal homepage with pictures of pets, however, something was off. It then came to us that this person had linked all pages and images in the following fashion: ftp://username:password@users.isp.tld/file. So naturally if you visit this page you'll login a couple times with this guy's credentials. Everyone had a laugh at the sheer stupidity and life continued.

                        A few days later, this friend, who was also on that channel that day, received a visit from the rozzers. They claimed that he "hacked" some poor innocent guy's ISP account and read his email/changed his subscription, defaced his webpage, raped his dog, ... which by the way he didn't.

                        So the only evidence they had was a log of his IP address successfully logging in with the victim's credentials. It apparently didn't matter that there were about a gazillion more logins all from different IP addresses, they just seemed to have randomly chosen him. As no LEO involved in the case had even the slightest idea of what it all meant, the case went through and in the end he had to pay a 250 euro fine, for clicking a link.


                        • #13
                          Re: Is accessing a public website 'hacking'?

                          Long ago a local ISP had a policy of setting every user's default FTP password to "Changeit". Of course, most people didn't (or didn't know how to) change it, so a bunch of web sites got defaced before they changed their policy.

                          Really you have to wonder about the people in charge who come up with these ideas...


                          • #14
                            Re: Is accessing a public website 'hacking'?

                            Originally posted by bluerules
                            Long ago a local ISP had a policy of setting every user's default FTP password to "Changeit". Of course, most people didn't (or didn't know how to) change it, so a bunch of web sites got defaced before they changed their policy.

                            Really you have to wonder about the people in charge who come up with these ideas...
                            Allowing world+dog to have FTP access is generally a bad idea to begin with.
                            A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.


                            • #15
                              Re: Is accessing a public website 'hacking'?

                              Originally posted by cronek
                              Is accessing a public website 'hacking'?
                              heh, only in the movies... when the geeky yet smooth-skinned protagonist goes to changemygrades.com and impresses the sexy, iconoclastic girl who will later kiss or sleep with him depending on the movie's MPAA rating.

                              what i think we're really asking here is "is doing basic HTTP stuff with a web browser an act of prosecutable computer trespass?"

                              Originally posted by cronek
                              this person had linked all pages and images in the following fashion: ftp://username:password@users.isp.tld/file. So naturally if you visit this page you'll login a couple times with this guy's credentials.
                              interesting... so this was an HTML page that hotlinked some content via that method? thus, making it not clear to the people viewing the page that they were using credentials, etc.

                              pretty sneaky, heh. that in itself is a spiffy little hack, i'd have to say.


                              Originally posted by cronek
                              the only evidence they had was a log of his IP address successfully logging in with the victim's credentials.
                              nod. however, that same evidence (if the system logs on the FTP server were being generated in a way that makes sense) would also likely have indicated that the accessing was done with client software that wasn't all that typical... a web browser instead of an FTP client.


                              Originally posted by cronek
                              the case went through and in the end he had to pay a 250 euro fine, for clicking a link.
                              it sounds like this is one of those situations where properly fighting it in court could have had the matter thrown out. i don't know Belgian law, but possibly if a lawyer were to demonstrate:

                              1. there was this joke page that existed (if someone saved a copy)

                              2. viewing that page automatically causes the FTP logins

                              3. the FTP logs show it was a web browser logging in

                              4. the FTP logs show multiple logins within less than a second (something no human would want to do or even could do manually) and data was only read, not modified

                              5. the FTP logs showed scores of other such logins all at the same time, then never happening again

                              6. someone, somewhere was irresponsible with keeping their login credentials secret

                              ... there's a chance the case would have been dismissed. chances are, however, that it would have cost more than 250 Euro in legal fees. it's all a matter of how much a lack of a criminal record is worth to someone.

                              hopefully, this person won't click random links on IRC or will at least have the good sense to enable Tor before doing so.

                              i'm glad that they weren't hit with other fines or any incarceration or confiscation of equipment. it's a shame it got that far, but technically someone else's login was "used" even if it could be proven to have been accidental/unintentional.
                              "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
                              - Trent Reznor
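
Items 4 and 5 of the list in the post above (several logins inside a second, data only read, many other addresses doing the same at the same time) are things a log review can measure. This is an added example, not part of the thread; the log format, file names and addresses are constructed, and it assumes the server records a timestamp, client address and command per event.

```python
from collections import defaultdict
from datetime import datetime

# FTP commands that change content on the server.
WRITE_CMDS = {"STOR", "APPE", "DELE", "RNFR", "RNTO", "MKD", "RMD"}

# Constructed log, hypothetical format: "<ISO time> <client ip> <command> [arg]"
SAMPLE = """\
2024-01-01T14:00:00.100 192.0.2.10 LOGIN
2024-01-01T14:00:00.150 192.0.2.10 RETR index.html
2024-01-01T14:00:00.300 192.0.2.10 LOGIN
2024-01-01T14:00:00.340 192.0.2.10 RETR cat.jpg
2024-01-01T14:00:00.600 192.0.2.10 LOGIN
2024-01-01T14:00:00.650 192.0.2.10 RETR dog.jpg
2024-01-01T14:00:05.000 192.0.2.11 LOGIN
2024-01-01T14:00:05.250 192.0.2.11 LOGIN
2024-01-01T14:01:10.000 192.0.2.12 LOGIN
2024-01-01T14:01:10.200 192.0.2.12 RETR index.html
2024-01-03T02:10:00.000 198.51.100.77 LOGIN
2024-01-03T02:10:40.000 198.51.100.77 STOR index.html
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]

def summarise(log):
    """Per client: login count, smallest gap between logins, any write seen."""
    logins, wrote = defaultdict(list), defaultdict(bool)
    for ts, ip, cmd in parse(log):
        if cmd == "LOGIN":
            logins[ip].append(ts)
        wrote[ip] |= cmd in WRITE_CMDS
    out = {}
    for ip, times in logins.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        out[ip] = {"logins": len(times), "min_gap": min(gaps, default=None),
                   "wrote": wrote[ip]}
    return out

def classify(s):
    if s["wrote"]:
        return "modified-content"
    if s["min_gap"] is not None and s["min_gap"] < 1.0:
        return "sub-second read-only burst"
    return "read-only"

def peers_in_window(log, ip, seconds=3600):
    """Other clients that logged in within `seconds` of `ip`'s first login."""
    events = [(ts, src) for ts, src, cmd in parse(log) if cmd == "LOGIN"]
    first = min(ts for ts, src in events if src == ip)
    return sorted({src for ts, src in events
                   if src != ip and abs((ts - first).total_seconds()) <= seconds})
```

Run over a real log, the per-client classification and the peer count put one address in context against every other address that used the same credentials.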
