nanog mailing list archives
RE: Korean server security?
From: Joe Blanchard <jblanchard () wyse com>
Date: Wed, 17 Apr 2002 11:24:37 -0700
Looks like someone actually hacked their main server, and not the one that was the target. Anyone that signed up for the contest got an email something like the following:
Regards, We should all respect the fact that Korea Digital Works is very
brave for releasing
their products to the public like this, and openly inviting all hackers, to
find any possible exploits.
One has to keep in mind that no matter how many preventions you take,
there will always
potentially be a way to hack the system. Anyway, the contest server was
only simulation,
not a real world environment, and you have to ask yourself "who will have a
webserver running
with this small amount of services activated". No body. The real world
environment provided
in this contest was not the simulation server at all, it was the overall
contest in general.
This is why we decided to take the contest to the next level. We
chose to skip the
games and festivals, and go straight to the main server (where you
registered for the
contest). By taking this step, we achieve a real time environment with a
system that has
many services running, just like many other web servers. We also gain
access to the server
that contains all of the entries for the contest that is taking place, thus
granting us the
ability to manipulate those entries to our liking (keep in mind your prize
money relies on
your registration entry).
Theres more, but didn't want to pollute the list with to much off topic ASC. -Joe
Current thread:
- Korean server security? Bruce Williams (Apr 15)
- <Possible follow-ups>
- RE: Korean server security? Niedens, Travis (Apr 15)
- RE: Korean server security? Allan Liska (Apr 15)
- RE: Korean server security? Marc Pierrat (Apr 15)
- RE: Korean server security? Joe Blanchard (Apr 17)