A worm in the apple?


MacRumors
Jul 20, 2001, 03:31 AM
This site was cracked using a now well-known security leak in phplib.
Please upgrade your version of phplib (the 7.2D is available from phplib.netuse.de) in order to bring back security on your website.
Also don't use the same password for your mysql database and your ftp as this is how I could upload and create this special topic (I meant no harm).

May the savate be with you ;-))

AsiaWrite
Jul 20, 2001, 05:59 AM
The next time someone breaks into your apartment complex using a stolen radio frequency to mimic your clicker, sneaks up through building security because he's pilfered one of your keys, and then enters your flat and moves the furniture around, eats your food and leaves a message saying:

"You really should be more careful..."
"I didn't really mean you any harm..."

Just be grateful you weren't around to find out how damn civic-minded this SOB really is!

Who would be thankful for such a "public service" in the real world? This is not "hactivism". This rates the same as a two-bit punk who robs silver and jewels from the homes of senior citizens and leaves a note on the door after he's gone...

[Edited by AsiaWrite on 07-20-2001 at 07:31 AM]

DJ Hoyt
Jul 20, 2001, 12:48 PM
I mean really. If this guy didn't "hack" into this website and tell us what's wrong we wouldn't have known. It's better than some other person that IS a SOB and completely erases all the forums and mixes up the user names and passwords of everyone. Now THAT would be wrong. He was quite useful in showing "us" what needs to be done. Besides, how did I post this forum? Quite easy, even though the index page was that thing posted by arn, I went into the folder forums and there was still everything. So did I hack? I don't think so. Just found a way to continue enjoying this site =) So I thank the person that exposed this leak in the code to us. That was really helpful, thanks :-)

Eric
Jul 20, 2001, 08:09 PM
Sorry, if he wanted to advise of the vulnerability he could have sent an email to macrumors.com. Instead, he exploited the vulnerability. Logging most likely has his IP.

Kela
Jul 23, 2001, 02:17 AM
Can you people like chill? The people at macrumors.com have done a good job upgrading. The hacker was a nice hacker so we should thank him. NOW CHILL.

- Kela the rat

DJ Hoyt
Jul 23, 2001, 09:35 AM
That's what I'm saying. And yes there is such a thing as a nice hacker. I mean, he could've really trashed this site, and he didn't. Yes he could've sent a personal e-mail. But the whole point of hacking is not to destroy the site, but brag about succeeding in it. That's fine =) I mean, it's like coming home to your apartment and seeing a note on the door saying "Your door is unlocked, keep it locked or things might disappear". I look inside, and everything is still there, in fact it looks like nothing was touched. I feel weary but no harm was done. As I say, no prosecution is necessary :-)

idoru1135
Jul 23, 2001, 11:06 AM
I think the hacker should find more CONSTRUCTIVE use for his/her time. He/she is obviously proficient. If you're reading this (I'm sure you are), take this as a compliment: do us all a favor and come up with an OS, browser, or the next new utility or website of your own that will change the world. Many of us will never have the brilliance you have, put it to good use on something you have pride enough to put your name on. If you can't do that, be MAN or WOMAN enough to give us your real e-mail address, then we can all say he/she has GUTS.

DJ Hoyt
Jul 23, 2001, 12:30 PM
Actually it sounds like the hacker didn't do much to hack into the site. He said that it was pretty easy to do. And programming I believe is harder than basic hacking. Who am I to judge, I'm not a hacker. What's this "Slash Code" I'm hearing about?

spikey
Jul 23, 2001, 01:16 PM
I saw a TV program on hackers a few nights back. They said that Steve Jobs and this other dude started building Apple computers for hacking and just messing around with. Jobs a hacker? Is that true?

arn
Jul 23, 2001, 01:21 PM
Originally posted by DJ Hoyt
Actually it sounds like the hacker didn't do much to hack into the site. He said that it was pretty easy to do. And programming I believe is harder than basic hacking. Who am I to judge, I'm not a hacker. What's this "Slash Code" I'm hearing about?

SlashCode is the PHP port of Slashdot's Perl code that runs their site. It used a certain library that had security issues... (if you trust the 'hacker' :) ) The Slashcode itself also had security issues. Macrumors ran on the PHP Slashcode (or did, until last night).

Instead of dealing with it all, I ditched the code entirely... and rewrote the front end. The backend (these forums) was already in place.

arn