Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Mouhahahahahaha

  1. #1
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672

    Cool Mouhahahahahaha

    Can I just say that I love IIS?

    Today I checked back on a company that I had emailed about holes in their webserver. They fixed them.

    This is an international corporation. www.pall.com

    They actually listened to lil ol me ! hahahahaha



    here is the letter I sent to them.(if you want to read)

    Dear Webmaster,
    I have been doing some private research on companies in the Ithaca/Cortland
    area of New York. I have not been authorized to do this nor has this
    informtion been requested by anyone. I am doing it for my own benefit. I
    recently left my job and have been searching for a few months. Apparently I am
    not qualified for the jobs in the area because no one has hired me. So, I
    decided to conduct this experiment to see how "good" my competition is and see
    how good the people in the current positions are. Needless to say I have benn
    disappointed so far. I have tested some local webservers running Windows
    NT/2000 IIS 4.0/5.0 for vulnerabilities and I have been alerting the proper
    people if these vulnerabilities are found. THERE IS NO MALICIOUS INTENT! I am
    just giving out free information, and help if wanted.
    Now on to the information.
    Your server is vulnerable, if you do not believe me then try this address in
    your Internet explorer window.
    < this link was removed for security purposes>
    You will notice that this is a screen where passwords can be changed. Your
    server can also be shut down from this screen.
    I beg you to go to www.securityfocus.com for more information and patches.
    There were more security holes than I have given you. I will send you the
    complete list as soon as you respond to this message. ( I really hope you do
    respond to this) I have left out my personal information because I fear that
    you will misinterpret the information I have given you. The email address I
    have listed is real, so feel free to contact me at that address. I hope that
    this has given you enough help to speed you along your way to a safe,secure
    webserver. I hope you do decide to contact me so that I can help you(as I said
    it is free, there is no cost)because now I know that you cannot do your job. I
    HAVE NO MALICIOUS INTENT by doing this, I am trying to help increase computer
    security in the Ithaca/Cortland New York area. Hope to hear from you.

    Antionline in a nutshell
    \"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

    Trust your Technolust

  2. #2

    Talking

    Good for you hogfly, What where you using to do the scans?

    On another subject where did my infamous green smilie go that i used to denote all of my messages?

    What do you think of the new antionline?

  3. #3
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    I have compiled a list of vulnerabilities that I check in my browser. I realize that I should code a script to check them for me but I just don't feel like it.

    I really have no idea what happened to your icon.....you'd have to ask JP ( he could be working on that feature still)

    the new forum and what do I think......thats a different topic all together. its good to see you back here odd.
    Antionline in a nutshell
    \"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

    Trust your Technolust

  4. #4
    Originally posted by oddvector
    On another subject where did my infamous green smilie go?
    People liked it, so JP removed it.

  5. #5

    Lightbulb

    I'll just have to switch to this one!

  6. #6
    i am sure hogfly, ur mail must have swept them off their feet for once.They had to listen to u since u wrote u'll tell them more of their security holes once they reply.
    Anyways its a good social service ur doin'.

  7. #7

    Thumbs up

    Good Work hogfly.

    Try to impress them and get a contract for their routine security checkups. This comes under "consultation" you know...
    Ah well...I\'m back on AntiOnline!

  8. #8

    Question Hummm not sure on this one

    I am pretty sure that I just read about someone that did that over in Europe and is now spending some time because of it. Unfortunatly most companies don't like to be told their weaknesses by someone exploiting them even if there attempt is one of honest intentions. If I found out that someone got into my system because I accidently left a finger port open or something stupid I would go after them. My suggestion to you is to go into a company and ask them if they would mind you testing to see if they are vulnerable. Tell them if they would let you test there system with there knowledge of you doing so and that if you cracked it they would hire you to fix the problems. You provide them with FREE testing and if you break in you get a job and not a trip down to the jail where you are placed in with people who are not afraid of computer geeks.

  9. #9
    Junior Member
    Join Date
    Aug 2001
    Posts
    8

    Exclamation Good Work!

    Well, Hogfly, I'm very excited that you've done a good deed. I agree with FlashOveride, though. You need to get a company's permission before you go around hacking their sites. Just because you have no harmful intentions, they don't know that when they log you accessing their system. But don't let that dissuade you. What you have done is a great thing, but I would be careful about the way you execute it. You probably helped out their security people greatly by doing so.

    ***Note to all***
    Even the Security Specialists might miss a few loopholes. It's always nice to have someone help us out, just as long as they do it legally (i.e., with permission in advance). Compare it to a school paper that you had to write. Since you know what it says when you look over it, you might not catch all the mistakes. It's just the same with computer security. The point is, thank you to all of those true, real, respectable hackers out there, not crackers, but the one's who actually help people out. Without you, the Internet would completely cease to exist.

    Thank you for your attention, and may God bless you all
    Usually, no one cares what I think... If I\'m lucky, maybe YOU will :-)

    --Alexander Paul Baston

  10. #10
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672

    Wink

    Well, I suppose I should respond to the new comments.

    I agree that being cautious of those sysadmins that get angry,jealous or what have you, is a good idea. I thought that over many many times before I sent that email to that company. Hence, why I used a fake account and did not include any personal information.
    Get a companies permission? Sorry, but I can't help but laugh at that one. Have you ever tried to get the attention of arrogant consultants(those that work in security) to tell them that they are insecure? I can't even get their attention let alone their permission. This is not the only company that I have alerted, there are several more. Not one(other than this one) has responded or patched their servers. (I check on occasion)

    I figure if they are not going to listen, or even bother to respond, then they deserve what they get. Not my problem.
    Consider my position while I was doing this.....I am 21(a kid in the IT world) I left my job, only to be unemployed for the next three months. I had sent out tons of resumes, mostly getting those nice, impersonal rejection letters. Other times I got interviews and not the job. I was pissed and curious at the same time. I kept wondering, what am I missing? What do these people have that I do not? The proof is in the pudding. They have nothing that I don't have. I was kidding myself.
    So, in the end, everything has worked out, I have a job, I'm not in jail or being prosecuted, and those people who listened, saved their company some money and a headache from crackers(or whatever you wish to call them). Those that didn't listen........Mwahahahahahaha **** em.

    Thanks for the responses guys.
    Antionline in a nutshell
    \"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

    Trust your Technolust

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •