Re: RIAA defaced -again!

[InfoSec News <isn () c4i org>]

Forwarded from: dude <dude () fastmail ca>

This is a very good point.  The TRUTH is that the RIAA hacks have all
been super-easy and only an idiot would leave such holes open.  Right
now as I write, their CF administrator site is wide open, with
absolutely ZERO security to get to the login page.  I wrote them weeks
ago of the vulnerability and they have not fixed it.

Furthermore, the TRUTH is that all of these hacks should be
preventable by anyone who can click a mouse and anyone who knows
anything about IT security would know this, but jedges and lawyers
have repeatedly displayed their unique ability to misinterperet facts
concerning technology.


> Forwarded from: The Unknown Security Person...
>
> [With apologies to Murray Langston...  ;)  - WK]
>
> I think it is obvious that the RIAA has the resources to stop
> these defacements.  Has anybody considered the possibility that
> maybe the RIAA wants their web site to be hacked repeatedly?  They
> could use such events to help paint a more convincing, darker
> picture of their "enemies", and they could use these hacks as
> ammunition in court and before Congress to help justify stricter
> laws, more freedom for the RIAA to take offensive action
> themselves, etc.  Also, the RIAA might get more sympathy from
> judges and lawmakers, and even some of the general public.
>
> When kids deface the RIAA web site and provide links to
> filesharing software, then that software is consequently going to
> be associated with criminal activity and criminals.
>
> Regards,
> USP
>
>
>
>
> http://www.theregister.co.uk/content/55/28817.html
>
> By Drew Cullen
> Posted: 11/01/2003 at 22:06 GMT
>
> Reader reports are flooding in that the RIAA.org has been defaced
> - again. At time of writing, the site appears to be down, And
> several readers have been kind enough to include screen grabs,
> showing that the front page today carried the following message.
>
> RIAA - 0wn3d by.... ;p
> oooh riaa want's to hack Filesharing Users / Servers ? - better
> lern to secure your own server...
> Sorry Admin - had to deactivate ur accounts - they'll be
> reactivated after 2 hours
>
> greetz : Rage_X, BRAiNBUG, SyzL0rd, BSJ, PsychoD + all the others
> who want to stay anonymous :]
> wanna contact ? mailto:h4x0r0815 () mail ru
>
> Underneath the greets, there is a list of RIAA 'recommended'
> file-sharing tools, such as KaZaA and eDonkey. Downloads from
> these sites are 'sponsored by www.riaa.org'.
>
> The RIAA site has been hacked four times in recent months. Surely,
> they should have figured out how to put a stop to this by now?



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.