Defacement Question

[linuxguy99]

I was roaming on Zone-H.org today, and was looking at different defacements by different groups. Here is a defacement I found particularly interesting: Defaced Page

I was wondering, how in the world did this defacer get all of this info? Is this public record and he just posted it, did he/she illegally get into a database somewhere, or did the victim just give the information up on IRC?

How much info is out there for the "taking?" I thought some of this stuff was private (like SSN's), but it is obvious it is not by this defacement. This is really scary if you ask me

I was also thinking how careless some (including I) get when chatting, posting, or just throwing information un-encrypted or cautiously on the Internet. This to me is how carelessness can really backfire.

How "private" is our private information?

Edit: Sorry for the broken link

Cheers

[thehorse13]

Well the link you posted was erased so I can't see the actual data. Foundstone has a number of good articles (www.foundstone.com) that deal with fingerprinting techniques.

What is scary is that some companies actually post a TON of useful info on their websites that can be used to comprimise their networks. After some sniffing around, I have found this to be absolutely true.

Bottom line is that we are responsible for our data security.

[CXGJarrod]

linuxguy99: I cant find the link, but Forbes magazine wrote an article about how they had a Private Investigator find out as much info about one of their writers as possible. Within days, the PI had Social Security numbers, bank numbers and all kinds of other info. Most of it was done through social engineering.

[jxrry59]

That is some scary stuff-fbi directions to the house were a little amusing but ....-Because of that I don't use my real name for anything , except where absolutely required and I know anyone determined to get personal info on me could do so but I deal with the web in a state of extreme paranoia. I don't even do anything wrong to the best of my knowledge and I take pains to cover my tracks.
Interesting post-thank you

[Gregctfp]

The link worked for me, and that is an amazing collection of information.

[bludgeon]

That just trips me out, wonder if they used one of those, buy now for 29.95 and get all the dirt on anyone anywhere proggies.

[d0ppelg@nger]

That's really weird coincedence...I work for the company that supplies that guys DSL......I work about 10 minutes from that guys house...ha ha.....

[ammo]

Wow, did you notice, in the dir of the hacked highschool server:
08/31/01 03:01p 1,006 katyisd_key.txt
09/25/01 03:09p 3,644 katysslcert.txt
07/02/01 12:37p 1,020 NewKeyRq.txt

SSL cert compromised? That CAN'T be good!
(Of course being rooted is never good, but now they have (well, SHOULD) have the issuer revoke the cert and issue a new one...
(You can see they're cert info with this link: (https://www.katy.isd.tenet.edu/) )
Anyone care to go lookup verisign's revoked certificate list to see if one of their (the highschool) certificate has been reported revoked recently? (I don't have the time to check myself right now...)

Ammo

[schoolsucks779]

That is scary how people can just find out all kinds of stuff about you just by hacking. I dont know why they would want to know all of that info but I wouldnt want anything about me on there. This is one of the main reasons I need to get Linux, I need more security than what Windows 98 provides!

[Madseel]

Actually bludgeon, those programs dont really work. My friend had one and it wouldn't give us very much information on anyone. The only thing we got out of it was the address, phone number, and a map to where the person lives. It only really told us where to go if we wanted information on someone.