The U.S. Space and Naval Warfare Systems Command was defaced Monday morning,
with presumably legitimate screenshots of database files from a major
airline and bank.
Hackers On A Mission -- Security -- InformationWeek::
Two hackers say theyre defacing airline and government sites to point out security problems. Database Applications. ERP. Hosted Apps. Server
http://www.informationweek.com/news/software/showArticle.jhtml?articleID=6501882HOME |
Using a common gateway interface (CGI) hack, a defacing team calling
themselves the Deceptive Duo posted the information on the U.S. Navy site
to "ensure that the public is aware of the United States of America's lack
of security."
At the bottom of the defaced Web page,
several screenshots have been added, notably what seems to be a flight
schedule and passenger manifest for a Midwest Express airline database
using Microsoft Access in Windows XP Office.
The Lost Experience::
Poking through the database today I noticed I have a new user, rachel@rachelblake.com. Posted by: check airline flights | September 4, 2007 3:25 PM
http://www.thelostexperience.com/2006/08/the_mystery_of_the_tlecom_hack.phpHOME |
Zero Day | Archive for July, 2008 | ZDNet.com::
translation of the shutdown announcement, which was posted on a Russian Web site: warning found on the NVD (National Vulnerability Database), Apples flagship
http://blogs.zdnet.com/security/?m=200807&paged=2HOME |
"This situation proves that we are all still vulnerable even after 9/11,"
the DeceptiveDuo posted on their defacement. "Tighten the security before
a foreign attack forces you to. At a time like this, we cannot risk the
possibility of compromise by a foreign enemy," the Web page statement read.
It also appears the e-mail addresses and full names of Midwest Express
customers have been compromised with the screenshot, which one security
expert said, "seemed legitimate, and not just a manipulated image map."
Wisconsin Immunization Registry::
Posted: 8:19 AM Dec 16, 2005 The online database is secure and parents and guardians can view the record Vietnam War Memorial Defaced in Sheboygan
http://www.wsaw.com/news/headlines/2081816.htmlHOME |
Lisa Bailey, Midwest Express spokesperson, said the two hackers gained
access to its Web-based user profile database, an area that lets customers
update their personal information via a supposedly secure connection.
"Frankly, we're not sure how they got into it," Bailey told InternetNews.com. "We hired
consultants two weeks ago to go over our entire operations, but they hadn't
gotten to that (part) yet. We gave them a call this morning and they are now."
Kaspersky Labs Malaysian Web Site Hacked - Yahoo! News::
Russian security company Kaspersky Lab's Web site for Malaysia was defaced on Saturday along with one of its online shopping
http://news.yahoo.com/s/pcworld/20080721/tc_pcworld/148680HOME |
database Most Discussed Posts | Computerworld Blogs::
is working for a big airline, developing database applications. suffers a Web page defacement and malware attack -- and no Posted by John
http://blogs.computerworld.com/term/views/419/commentsHOME |
In an instant messaging interview with the two members, the Deceptive Duo
said it was "quite easy" to break into the database of the airline and the
Union Bank.
The two wouldn't explain how the bank database was accessible, but said
they got into Midwest Express because of a relatively common
vulnerability. The airline uses Microsoft SQL, which has a default
password to login. It's seems the system administrator didn't change the
password when the database was implemented and put on a live network. The
two merely gained access to the corporate intranet and typed in the default
password to get in the database.
In a preemptive nod to critics who say Web site defacing/hacking is not
the way to publicize security breaches, the Deceptive Duo said they've
already tried getting the affected companies attention in the past.
"We've tried subtle ways of informing the (admins of) vulnerable servers,"
one of the duo said. "It seems that it takes drastic means for others to
realize the severity of this all. And I feel if we show the mass public,
others will flex and strive to secure their servers as well. I mean, we
see everyone pushing for stronger security, yet we are still witnessing
breaches?"
"Unfortunately, it takes action to get a reaction," they concluded.
 AOL's AIM Puts Browser Security in Danger
 Feds Bust Silicon Valley Software Piracy Ring
|
